News Item

An ENISA perspective on Electronic Trust Services (eIDAS) by Udo Helmbrecht at SECURE 2014

The Executive Director Udo Helmbrecht gave an “ENISA perspective on Electronic Trust Services (eIDAS)” on October 22nd at the Secure 2014 Conference in Warsaw.

Published on October 24, 2014

The meeting brought together leading international experts, applied solutions, hot topics presenting state-of-the-art solutions, analysis of the current threats, latest trends in ICT security and important legal issues.

Analysing the threat landscape a dramatic increase of risks on cloud, mobile and wireless services feature with an increase in DDoS and phishing. An overview of breach notification in EU law and security requirements for Trust Service providers was compared to the existing practise where there is relative rare internal or risk assessment. Recommendations for Trust Service Providers (TSP) include:

Trust service providers in the EU and a national regulatory framework
Standardisation in the area of trust services
Supervision and audit of trust service providers
Certification of electronic signature products
Cryptographic algorithms in certification services
Incident handling procedures
References to minimum security requirements for personal data protection, using state-of-the-art techniques
Collaboration with ETSI, ESI

Udo Helmbrecht said: “Trust Service providers perform an important role within the EU and national regulatory framework. The increasing demands for security resulting from the threat landscape urge us to review the existing means for auditing Trust Service Providers, and stress the increasing need for standardisation, certification of services and products with the embedded use of cryptographic algorithms”.

Further, an audit of Trust Services will be soon available covering: