Navigation path

Left navigation

Additional tools

Other available languages: none


Siim Kallas

Vice-President of the European Commission, responsible for Administrative Affairs, Audit and Anti-Fraud

Introductory speech

E-Commission symposium on security
Brussels, 18 october 2005

You are going to deal here with subjects that are close both to my heart, as an Estonian familiar with e-government in my own country, and to my daily responsibility as Commissioner in charge of administration, informatics and security.

My services, the Directorate Generals for informatics and information technology, and Administration, have organised this event that I hope you’ll appreciate.

E-Commission is fundamentally about the change that the Commission has to achieve in order to increase its efficiency and transparency.

It is about how the Commission can deliver better, more cost effective, transparent and secure services to staff, to our partner administrations, to business and citizens.

The “e-” in front of “Commission” stands here to underline that this change is enabled by information technology.

Information technologies are a sine qua non condition for the achievement of our objectives. But they can do little without the strong will and resolute commitment from the Commission and its staff to acquaint themselves with these modern technologies.

I believe the real challenge now is to move from a paper-based to a real “e”-culture. The efforts to become an “e-Commission” will facilitate this evolution. Making the Commission’s administrative culture move ahead in this direction will not be an easy task. Each administrative structure has roots in, sometimes, age-old practices. In order to overcome resistance, we’ll rely on our best asset, our human resources: develop training, raise the awareness on best e-government practices in Member States or third countries; showing that this leads to added value in our everyday work.

The basis of this evolution is trust among the parties that must collaborate to make it happen. Trust is essential, both in business and in life, as it makes it possible to proceed where proof is lacking; and misplaced trust is ruinous, both in business and in life.

Transparency is THE basis of trust.

Transparency is a strong objective of this Commission, and I hope that this Thursday the College will adopt a “European transparency initiative” to push forward transparency on a set of concrete issues in relation to the broad public.

I will focus here on the questions of trust and transparency in relation to the security of the e-Commission.

By moving towards an e-Commission, the administration relies increasingly on Information technology and systems and must hence receive assurance of stable, if not decreasing, risk exposure. Elaborating this assurance is the task of information security: it has to ensure that information is and remains available, that confidentiality, integrity and audit capability are assured.

These assurances are fundamental because they offer the necessary guarantees for trust of administrators in the technology and information systems.

To define how much security we need has a direct influence on how much risk we are prepared to take.

Information security needs to be addressed both when new software systems are developed and when PCs are used.

  • What is key when new software products are developed is that they are of good quality, cost-effective and delivered on time: even if this triangle is rarely achieved, it is obvious that it remains a fundamental requirement, from the Commission’s viewpoint, that the new systems be available when planned and as planned. Information security must be addressed within this development process, so as to make sure that security policies and measures have been implemented as required. I understand from our IT experts that, if properly implemented at all Commission levels, the methodologies foreseen in the IT governance decision adopted by the College in 2004 will equip the Commission with a mature process for software development.
  • We also need to constantly ensure that our IT systems and networks are available as and when we need them, and protected from abuse such as spam. That the integrity of our information is protected from theft, loss or damage due to cyber-crime or other cause. And that audit capability of systems and networks allow us to remain in control. I believe that progress must be achieved in the years to come in electronic signatures and management of electronic identity and I will sponsor these initiatives as fundamental pillars of the e-Commission. I envision a system where the building knows I have just arrived, my screen recognises me and gives me – and only me! - access to all data and information I need to know for my work. Easy to say, certainly challenging.

I wish you a day of fruitful proceedings, which, I hope, by exploring the difficult and challenging subject of information security will contribute to increase our trust in a transparent, efficient and service-oriented e-Commission.

Annex: explanation of information security =Availability, confidentiality, integrity.

Availability: the information needs to be available when we need it in a usable and accessible form. This means that the systems and networks must not prevent from accessing it due to bad ergonomics (example: for handicapped persons) or to malfunctioning.

Confidentiality: The information must be only available to those that need to know it. Systems and networks must enforce this control at all levels.

Integrity: The information must be accurate and not altered by inappropriate treatment or malevolent event. We need to have the information change processes under control and protect it against accidental or intentional loss.

Side Bar