International Partnerships
The engagement in terms of openness to cooperation at the international level, and particularly in the European area, is addressed as a key concern of A-SIT’s efforts. With a focus on the critical role of effective and efficient cooperation based on trustworthy relationships, the scientific debate in the field of IT security is particularly pushing forward. As a result, A-SIT is committed to develop international cooperation in order to build and maintain an outstanding basis of trust in terms of confidentiality and integrity.
The outlook of both trust and reliability is an important success factor to strengthen the competitiveness in challenging economic areas. It addresses central building blocks in particular in the complex subject of IT security to solve interdisciplinary challenges together. To improve both the confidentiality and the integrity in the actors, A-SIT builds solid bridges to accomplish the exchange of innovative knowledge, produce up-to-date know how and elicit far-reaching competencies beyond regional boundaries. This is how A-SIT constructs appropriate answers in order to deliver potential solutions early on. As a result, A-SIT delivers positive impulses to achieve common objectives for our future. Furthermore, A-SIT contributes to the continuous improvement of processes and techniques in the IT security domain for our society. As a result, our international efforts in terms of cooperation accelerate mutual support on a trust basis.
A-SIT delivers solutions to achieve measurable benefits and competitive advantages for its clients on the basis of both objective and measurable criteria. Therefore, A-SIT‘s applies scientific techniques that are based on recognized standards and international best practices. Moreover, it has the following objectives in mind:
- Pro-active contributions in organizational, legal and technical concerns, primarily in the IT security domain
- Maintain dissemination and distribution of experiences and know how in particular for digital identities and electronic signatures
- Sharing common interests and propose common practices
- Address know how exchange e.g. in particular in terms of e-government projects
- Allocate efforts for collaborations in European and international committees
- Build trustworthy relationships to coordinate and engineer the implementation of international projects as well as the preparation and the construction of research studies
- Execute joint organization of congresses, seminars and events
- Assist in security-related projects
- Exercise forward-looking contributions to jointly develop answers to resolve technical and organizational questions about IT security
REGULAR DACH-REGION-INFORMATION-EXCHANGE
- Federal Office for Information Security (BSI)
- Deutschland sicher im Netz (DsiN)
- Federal IT Steering Unit (ISB)
EU-AGENCIES & GOVERNMENT-ORGANIZATIONS
- ANSSI. Cooperation in the information technology (IT) domain with the ANSSI (Agence nationale de la sécurité des systèmes d’information Luxembourg) for state of the art discussions about experiences and know how exchange as well as consolidated contributions in European committees. This includes in particular the collaboration in terms of the development of IT security standards as well as engineering solutions to obtain security certificates based on recognized standards.
- ENISA. Official representation in the Management Board of the ENISA (i.e. European Network and Information Secuity Agency) and technical cooperation (e.g. cryptographic techniques, research studies etc.).
- SOG-IS. Representing Austria in the Management Committee of the SOG-IS Mutual Recognition Agreement of Information Technology Security Evaluation Certificates.
COMMITTEES, WORKING-GROUPS UND COMITOLOGY
- Common Criteria. Official representation in the Management Board of the Common Criteria Mutual Recognition Agreements.
- EESSI. Contributions to the European Electronic Signature Standardization Initiative in the development of European standards, such as: In the expert group “Algorithms and Procedures for Secure Signatures” or in the corresponding activities of the European Committee for Standardization: “Protection Profiles for Secure Signature Creation Units” and “Protection Profiles for Trustworthy Systems of the Certification Service Providers”.
- eIDAS. Participating in expert groups and the cooperation network of eIDAS.
- Participation and collaboration in the Network and Information Security Steering Group of the ICT Standard Board.
- OECD Crypto Policy. Contributions to the Expert Group Cryptography in the preliminary preparation of the OECD Guidelines on Cryptography.
- UNCITRAL Model Law. Provide knowledge as a member of the Austrian delegation to the United Nations Commission on International Trade Law in the sessions on the Model Law on Electronic Signatures.
EU-PROJECTS & TREND-SETTING RESEARCH STUDIES
- POTENTIAL (since 2023) is a Large Scale Pilot that is co-funded by the European Commission. The objective is to test the European Digital Identity Framework “EUDI Wallet” between 19 states and in 6 Use Cases (eGovernment, account opening, SIM registration, mobile driving license, qualified electronic signature, ePrescription). A-SIT is leading the use case qualified electronic signature and coordinates the Austrian participation through a national consortium consisting of 13 Austrian organisations. The funded EU project “POTENTIAL” deals with the development of an EU Digital Identity Wallet (EUDI) in conjunction with the proposed European regulation on digital identities. It is a so-called “large scale pilot” (LSP) project. This LSP is used to develop technical specifications in coordination with the technical architecture and reference framework (ARF) for the EU Digital Identity Wallet and to test a software prototype. The ARF is created as part of a toolbox with the eIDAS Expert Group. That means that in the future it will be possible to provide identification to authorities or companies in the digital space using for instance smartphones or tablets by using this wallet app. This means that it should be possible to identify users in order to, for instance open up a bank account or to electronically sign documents in a qualified manner, i.e., with legal status compared to that of a handwritten signature. Other use cases include identification such as an official photo ID, and the processing of official procedures (e.g. applying for a birth certificate or criminal record). A digital drivers license or a proof of age should also be implemented across Europe.
- Biometrics Deployment Study. On behalf of the IPTS (i.e. the Institute for Prospective Technological Studies, Seville), a research study was drawn up for the European Commission with the objective of exploring, assessing and presenting the state of the art in terms of large-scale biometric systems both implemented and emerging in Europe.
- SUNFISH-EU-Project. The SUNFISH project was a research project funded by the EU. It was integrated into the EU Framework Program for Research and Innovation, HORIZON-2020. This pioneering project built breakthrough solutions in terms of secure cloud technology for applications in critical government sectors. As a consequence, its developed solutions are based on blockchain technologies. For the first time, SUNFISH delivered novel results to set up a comprehensive framework to federating cloud environments. The result of that is Federation as a Service (FaaS). The constructed consortium comprises 11 organizations from 6 countries. As a result, it has successfully implemented several pilot systems. A-SIT led the work package in terms of requirements analysis. Moreover, A-SIT developed the results for systematic requirements engineering and derived innovative security requirements.
- FutureTrust EU-Project. FutureTrust addresses the need for globally interoperable solutions w.r.t. the foundations of trustworthy systems in terms of the requirements pursuant to the eIDAS-regulation (EU) Nr. 910/2014. FutureTrust´s results particularly strengthen the practical implementation of eIDAS in Europe and beyond. The FutureTrust-project consortium amounts at total 16 partners from 10 individual countries. It is coordinated by the Ruhr-University Bochum in Germany. A-SIT collaborates to the development of Trust Services Evaluation Criteria by contributing its profound expertise and practical experience from being a notified body under the Signature Directive and its involvement into the eIDAS Expert Group (WP2). As a result, A-SIT derived an evaluation scheme for trustworthy services. Moreover, A-SIT develops a methodology in terms of the evaluation and impact analysis of pilot systems and conducts the subsequent evaluation (WP5).
- ENISA-Research-Study. A-SIT contributed profound knowledge to a recent ENISA-study about the topic “Incident Analysis: Cryptographic Vulnerability in Smart Cards”. It explores vulnerabilities in the area of cryptographic functions. Besides, this comprehensive study was created in close cooperation with international partners on this far reaching topic with regard to the technical quality of smart card security.
ENTERPRISES FROM THE PRIVATE SECTOR
Pursuant to the self-imposed basic conditions, A-SIT complies with strict but fair confidentiality agreements (i.e. Non-Disclosure-Agreements – NDA). This holds particularly for projects of a critical nature (e.g. development of new technologies, engineering of innovative products or creating protected know-how, etc.) from the private sector. Therefore, it is unfortunately not possible to communicate further details. However, if and only if a cooperation partner requests, A-SIT will gladly contribute to the publication or communication of individually agreed and personally authorized details.
A-SIT’s international relations assist to adopt proven methods and to constantly optimize theories, concepts and strategies based on international best practices. This makes it possible for A-SIT, in cooperation with successful international partner organizations, to jointly achieve high-quality and comprehensible results in the field of technical standardization or the practical implementation of technical processes.