Tag Archives: Liisa Past

ID card “The Lessons We Learned” conference

The Estonian Information System Authority (RIA) is organising an international conference on 9 May 2018 in Tallinn (Tallinn Creative Hub – Kultuurikatel) to discuss the impact and consequences of the security risk found in Infineon chips in autumn 2017 by researchers at Masaryk University in the Czech Republic.

The aim of this conference is to bring together parties affected by the security risk to discuss our lessons, experiences and responsibility, because the security flaw affected many companies and countries in Europe as well as elsewhere in the world. If possible, we aim to agree on a joint plan of follow-up activities or a memorandum to provide input to the various authorities that set regulatory rules. Researchers from Masaryk University have announced their participation in the conference – they will make an opening presentation about their research.

The conference is aimed at policymakers as well as specialists in the eID field, opinion leaders, representatives of authorities and companies that are dependent on the functioning of Estonian ID-cards and e-services, developers of e-government and IT systems, and other parties related to the issue from both Estonia and Europe.

Agenda:
09.30-10.00 Delegate registration opens. Welcome coffee
10.00-11.30 Welcome and Opening of the Conference / Session 1
• Welcome speech by the Prime Minister Jüri Ratas
• The goal of the research (ROCA vulnerability) – Petr Svenda, the University of Masaryk
• The global influence and the distinctness on Estonian ID-card and its use – Taimar Peterkop, the head of Information System Authority
• The examples of actions of different countries – Ulrich Latzenhofer, Austrian Regulatory Authority for Broadcasting and Telecommunications
11.30-12.00 Coffee break
12.00-13.30 Session 2
• Lessons we learned (Estonia) – Rain Ottis, Tallinn University of Technology
• Discussion “What went wrong? What can we do better in the future?” Expert panel, led by Rain Ottis.
13.30-14.30 Lunch
14.30-16.00 Session 3
• eIDAS perspective of the ROCA vulnerability – Marnix Dekker, ENISA
• Open risk management – Ilmar Raag, film editor
• The lessons we learned (global) – Liisa Past, Information System Authority, analyst
16.00-16.30 Conference conclusion by moderator Andres Kütt
16.30-17.30 Goodbye coffee and networking

Links:
https://lessonslearned.publicon.ee/conference-agenda/

Liisa Past, Kaur Virunurm: E-State and Proactive Risk Management

The presentation was given at the cybersecurity conference “Cyberchess 2017”, held on October 5, 2017 in Riga. The presentation touched upon recent events such as i-voting and the flaw found in the ID card chip.

The last question from the audience was worth a dime:

Is PPA considering any legal action against the vendor, because, as I understand, you have been informed by the researchers, but the vendor has not informed you.
And the second one: in the new procurement, what are the lessons learned? Are you planning to change or include some clauses on liability?

The question was not answered in full, but the answer would be interesting indeed.

Links:
https://www.youtube.com/watch?v=6N_ZeFDNzvg
https://cert.lv/uploads/pasakumi/liisapastkaurvirunurm.pdf