Vice-President of the European Commission, responsible for Administrative
Affairs, Audit and Anti-Fraud
E-Commission symposium on security
You are going to deal here with subjects that are close both to my heart, as an Estonian familiar with e-government in my own country, and to my daily responsibility as Commissioner in charge of administration, informatics and security.
My services, the Directorate Generals for informatics and information technology, and Administration, have organised this event that I hope you’ll appreciate.
E-Commission is fundamentally about the change that the Commission has to achieve in order to increase its efficiency and transparency.
It is about how the Commission can deliver better, more cost effective, transparent and secure services to staff, to our partner administrations, to business and citizens.
The “e-” in front of “Commission” stands here to underline that this change is enabled by information technology.
Information technologies are a sine qua non condition for the achievement of our objectives. But they can do little without the strong will and resolute commitment from the Commission and its staff to acquaint themselves with these modern technologies.
I believe the real challenge now is to move from a paper-based to a real “e”-culture. The efforts to become an “e-Commission” will facilitate this evolution. Making the Commission’s administrative culture move ahead in this direction will not be an easy task. Each administrative structure has roots in, sometimes, age-old practices. In order to overcome resistance, we’ll rely on our best asset, our human resources: develop training, raise the awareness on best e-government practices in Member States or third countries; showing that this leads to added value in our everyday work.
The basis of this evolution is trust among the parties that must collaborate to make it happen. Trust is essential, both in business and in life, as it makes it possible to proceed where proof is lacking; and misplaced trust is ruinous, both in business and in life.
Transparency is THE basis of trust.
Transparency is a strong objective of this Commission, and I hope that this Thursday the College will adopt a “European transparency initiative” to push forward transparency on a set of concrete issues in relation to the broad public.
I will focus here on the questions of trust and transparency in relation to the security of the e-Commission.
By moving towards an e-Commission, the administration relies increasingly on Information technology and systems and must hence receive assurance of stable, if not decreasing, risk exposure. Elaborating this assurance is the task of information security: it has to ensure that information is and remains available, that confidentiality, integrity and audit capability are assured.
These assurances are fundamental because they offer the necessary guarantees for trust of administrators in the technology and information systems.
To define how much security we need has a direct influence on how much risk we are prepared to take.
Information security needs to be addressed both when new software systems are developed and when PCs are used.
I wish you a day of fruitful proceedings, which, I hope, by exploring the difficult and challenging subject of information security will contribute to increase our trust in a transparent, efficient and service-oriented e-Commission.
Annex: explanation of information security =Availability, confidentiality, integrity.
Availability: the information needs to be available when we need it in a usable and accessible form. This means that the systems and networks must not prevent from accessing it due to bad ergonomics (example: for handicapped persons) or to malfunctioning.
Confidentiality: The information must be only available to those that need to know it. Systems and networks must enforce this control at all levels.
Integrity: The information must be accurate and not altered by inappropriate treatment or malevolent event. We need to have the information change processes under control and protect it against accidental or intentional loss.