News > EEMA – The Cyber Security and Identity Catalyst

Over the last five-six years, through its involvement in projects partially funded by the European Commission, EEMA, Europe’s leading independent, non-profit digital enterprise community, has taken an increasingly significant role in creating awareness of the vision of a single European electronic identification and authentication area for both the public and private sectors. In October 2014, the Commission held a launch event to highlight that the recently published eIDAS regulation is key to unlocking the Digital Single Market and to demonstrate the commitment of EU institutions to ‘go digital’ together with public administrations in Member States, for the benefit of EU citizens and businesses.

European e-ID and cybersecurity projects

EEMA is involved in several key EC projects designed to ensure the safe interoperability of identity credentials across borders as well as most static and mobile platforms.

STORK 2.0

The aim of the project is to establish a European e-ID interoperability platform allowing citizens to establish new e-relations across borders, just by presenting their national e-ID. Cross-border user authentication for such e-relations is being applied and tested by means of four pilot projects that use existing government services in EU member states. In time, however, additional service providers will also become connected to the platform, thereby increasing the number of cross-border services available to European users. Thus, in the future, users should be able to start a company, get their tax refund, or obtain their university papers without being physically present; all they will need to access these services is to enter their personal data using their national e-ID, and the STORK platform will obtain the required guarantee (authentication) from the appropriate government.

User-centric approach

The role of the STORK platform is to identify a user who is in a session with a service provider and to send his data to this service. Whilst the service provider may request various data items, the user always controls the data to be sent. The explicit consent of the owner of the data, the user, is always required before his data can be sent to the service provider. The platform will not store any personal data, so no data can be lost. This user-centric approach was not taken to satisfy any philosophical preferences, but is in line with the legislative requirements of all the various countries involved that oblige concrete measures to be taken to guarantee that citizens’ fundamental rights, such as privacy, are respected.

e-ID-as-a-service offering

STORK 2.0’s methodology is to maximise the take-up of its scalable solutions by European public and private sectors, with a strong commitment to open specifications and long-term sustainability (backed by participating European industry). STORK 2.0 intends to be a key-enabler to support the open, competitive digital economy envisaged in the Europe 2020 strategy and is aligned with key actions in the Digital Agenda, thus contributing to Europe’s leadership role of the e-ID market.

The pilots

The pilots are focused on e-learning and academic qualifications, e-banking, public services for business and e-health areas. They demonstrate interoperable services in real-life settings and validate common specifications, standards and building blocks, convincingly addressing challenging legal and governance issues (across borders, application domains and different sectors). These applications will facilitate borderless digital living and mobility in the EU, enhancing the Digital Single Market for public and commercial services in alignment with the Services Directive. Strong liaisons exist with other large scale pilots (epSOS, Peppol, Spocs and e-Codex), the thematic network SSEDIC, as well as ISA’s STORK sustainability action, closely following and relating to other international efforts in e-ID.

FutureID

The FutureID project is building a comprehensive, flexible, privacyaware and ubiquitously usable identity management infrastructure for Europe, which integrates existing e-ID technology and trust infrastructures, emerging federated identity management services and modern credential technologies to provide a user-centric system for the trustworthy and accountable management of identity claims.

The FutureID infrastructure will provide great benefits to all stakeholders involved in the e-ID value chain. Users will benefit from the availability of a ubiquitously usable open source e-ID client, capable of running on any desktop PC, tablet or smartphone. The project will allow application and service providers to easily integrate their existing services with the FutureID infrastructure, providing them with the benefits from the strong security offered by e-IDs without requiring them to make substantial investments. This will enable service providers to offer this technology to users as an alternative to username/password-based systems, providing them with a choice for a more trustworthy, usable and innovative technology.

Network and information security (NIS)

The public-private NIS programme initiated by the EC’s DG CONNECT and ENISA is a major initiative to engage with European business; in particular with SMEs and the role of raising the level of cybersecurity over the value chain. One of the foremost issues is that SMEs have neither time, funds nor knowledge/education of cybersecurity. Additionally, the major challenge facing this activity is to find ways to engage and incentivise these hard to reach organisations which comprise 80% of the European GDP.

The NIS programme has already succeeded in delivering some important achievements and deliverables. This work now needs to be developed and refined in view of the Commission’s recommendations on good cybersecurity practices, to be proposed in 2015 (Action under the EU Cybersecurity Strategy (JOIN/1/2013)

EEMA is a major contributor to the NIS programme’s good cybersecurity practice guidance, available in October 2015.