Why national security requires coordination and how GDPR plays a role
Attempts to breach national information security defences occur frequently and require more and more effort to combat. At the same time, the General Data Protection Regulation (GDPR) will, from May 25, 2018, place considerable pressure on companies and organizations to manage these risks with already strained IT resources.
A recently published study on information security for vital public services (SOU 2017:36) established that coordination and cooperation are required in order to achieve adequate levels of national security within a reasonable time frame. Developing each individual activity in isolation would mean less overall security and require additional resources.
Some organisations, however, choose to try to issue e-identities and introduce LoA 3 on their own, without taking advantage of existing joint initiatives. Going it alone makes it tougher to maintain a high level of confidence that other organizations can trust, and it means missing out on the opportunity to share costs and experiences with others in the same position.
Over the past sixteen years, SecMaker has methodically and consistently helped the public sector to advance and develop its IT security infrastructure. This includes SecMaker being a supplier of SITHS in the healthcare sector and MCA to Försäkringskassan [the Swedish Social Insurance Agency]. A new national identification service should now make it even easier for the public sector to introduce a common solution in authentication and identity management.
Inera and the Social Insurance Agency have procured the new service jointly and it will replace both SITHS and MCA. It will be known as EFOS (E-identitet för offentlig sektor – E-identity for the public sector) and will provide PKI and digital certificates in a streamlined service that will be available to the entire public sector in Sweden. SecMaker’s responsibility covers four critical components of the service:
- Client programs for reading and managing certificates
- A modern administration interface for managing smart cards and certificates
- A mobile platform
- Making it easy for application providers to add support for smart cards and certificates within their services.
Although the E-identity for the public sector will be launched in Q1 2018, system and app developers have already started to integrate it into their services.