Trust and security

4 Apr 2019 15:15h - 16:15h

Event report

[Read more session reports and live updates from the 2nd Western Balkan Digital Summit]

Mr Vasko Kronevski (CEO, Nextsense), the moderator of the session, briefly spoke about the European Union Electronic Identification and Trust Services Regulation (eIDAS). This regulation ensures that people and businesses can use their own national electronic identification schemes to access public services across the EU region. This session dealt with how security increases trust in electronic services.

Ms Natalija Radoja (Senior Advisor to the Ministry of Trade, Tourism and Telecommunications of the Government) spoke about law on electronic documents, and Electronic Identification and Trust Services in Electronic Business, Serbia’s version of the eIDAS regulation. The law introduced new services: electronic delivery, electrical storage, and cloud signature. Cloud signature will be very important because it may lead to massive usage of e-signatures. Radoja emphasised the significance of mutual recognition of electronic services, which Serbia recognises. Radoja pointed out that Serbia has an office for IT and electronic administration, which provides online services on behalf of the state, emphasising that the state and the private sector should offer as many services as possible, but that the digital competences of citizens must be raised.

Mr Dejan Abazović (State Secretary at Ministry of Public Administration of Montenegro) explained that Montenegro adopted an identification and e-signature scheme in 2017 and the related regulatory framework is almost complete. A new concept has been developed recently with the aim to allow for the provision of better services for end users. Many laws must be changed to achieve full functionality of a digital society. The role of the government, Abazovic noted, is to ensure that every citizen of Montenegro possesses a material means via which he or she will be able to prove his or her identity electronically—all citizens will be provided with an electronic identity on new identification cards in the future.

Mr Slobodan Nedeljković (Assistant Minister and Head of Sector for Analytics, Telecommunications and Information Technologies in the Ministry of Interior of the Republic of Serbia) spoke about implementation of trust services in Serbia. The government liberalised the market of e-signatures and half a million Serbian citizens now have electronic certificates on their identity cards. One of the anticipated changes is cloud signature, and Nedeljkovic expressed confidence that the Ministry of Interior will be one of the certification bodies for cloud signatures.

Mr Steve Purser (Head of Core Operations Department at European Union Network and Information Security Agency (ENISA)) started by explaining that trust comes into play when no mechanisms control risk; trust is becoming a key concept in the digital world where it is impossible to control things. In the EU, every trust issue has three components: people, process, and technology. The EU has dedicated a lot of effort to building trust on the people level. At the process level, the focus is on incorporating trust in the workflows, while at the technical level, work is carried on, building on the eIDAs initiative. When it comes to trust-based services, the local implementation of global models is desirable. But building trust is a challenging process and the biggest problem can be framed as ‘nobody is trusted by everybody’. Purser concluded that trust is built face-to-face and in small communities. For the future, it would be better to take existing trust and build on top of it.

Mr Johan Hesse (Managing Director at Secunet International GmbH & Co KG) pointed out that in the physical world relying on something or someone tends to produce trust, which is not the case in the digital world. In his opinion, eIDAS serves as a prerequisite for reliability in the digital world. He also stated that security regulations recognised at the supranational level are necessary to ensure security in the digital world.

Mr Zoran Savić (CEO and founding partner of NetSeT Global Solutions d.o.o.) spoke about the difficulties in building national identification infrastructure. The biggest challenge is to make it highly secure and easy to use at the same time. The biggest question is how to establish an interoperative environment when derived identifications (based on the cloud and mobile identifications) are used. In his view, states and the private sector need to collaborate on solutions, which won’t be tailored solely to local levels.

By Andrijana Gavrilović