|
|
Frequently Asked Questions |
|
|
What is SUPHICESUPHICE stands for Secure Unplanned Provisioning of High Integrity Communications for Europe. SUPHICE is one of seven projects being undertaken on behalf of the European Union under the Preparatory Action for Security Research 2004 (PASR 2004). The preparatory action is a three year precursor to a full European programme of security research (ESRP) expected to be undertaken by the Commission from 2007 onwards. The SUPHICE programme is a research programme funded by the EU that is doing work to help resolve the rapid deployment of communications systems that are either classified or where the obligation to handle information such as personal details is strongly controlled by multiple legislative frameworks. SUPHICE is setting out to achieve progress in a number of areas. First, the SUPHICE consortium will demonstrate the implementation of an algorithm suitable for EU use in a SECRET environment and the evaluation and certification of that implementation under the EU's CISPS process. Secondly, the consortium is conscious that many members of the EU are also members of NATO and thus need to find ways to protect the information of each organisation in their national systems that are consistent in each case with the policy requirements of the organisation in question. SUPHICE will seek to demonstrate that it is possible to achieve this with the same cryptographic product without contravening EU or NATO policy or Directives. SUPHICE is also conscious that one of the impediments to a European market for cryptos is the understandable need of individual member state authorities to validate equipment for their national use. Accordingly the consortium will seek to remove this impediment by exploring how far it is possible to deliver a product the overall design of which is unclassified and not the property of one nation. Secondly, SUPHICE will demonstrate the deployment of High Integrity communications security using policy based management and web based techniques including UDDI, WSDL and BPEL. As part of this exercise it is the intention of the consortium to develop XML based standards that are applicable to the rapid deployment of crypto systems across national borders. Thirdly, SUPHICE will provide a forum for the National Technical Infosec Authorities of Member States to explore the practical applicability of these approaches and how they might achieve approval. As part of this, the consortium will seek to facilitate the active involvement of Member States' Technical Infosec Authorities in the formulation of European Security Research programmes and thus their ability to influence them. Further information on the European Union security programme can be found at http://europa.eu.int/comm/enterprise/security/faqs_en.htm Who is involved in SUPHICE?The SUPHICE project is run on behalf of the European Union by a multinational consortium currently comprising:
The SUPHICE consortium is also grateful for the interest shown by the National Technical Infosec Authorities of a number of Member States of the European Union. Where can I learn more about SUPHICE and support the project?This website contains publicly available information and pointers to the various national sites supported by the programme. Information on SUPHICE and its place in the overall programme of European Security research may be obtained from the Commission of the European Union's security research page. We are a public authority interested in the problems how can I learn more?The SUPHICE consortium is in the process of briefing National Authorities and significant governmental organisations throughout Europe. If for some reason you have not been contacted yet please contact the SUPHICE coordinator by email. I am a company involved in security can we joint the SUPHICE consortium?It is the intention of the SUPHICE consortium throughout the lifetime of this programme to be open to requests of this sort from appropriately qualified industrial partners. Additional partners are normally expected to provide additional capability that will continue to strengthen the consortium; typical capabilities that may be expected to strengthen the consortium include expertise in dynamic security systems, vertical markets or presence in Member States in which the consortium is not locally represented. Acceptance of new partners is at the discretion of the European Union and the current consortium members. Requests from potential additional partners to the SUPHICE consortium should be forwarded by email to the SUPHICE coordinator. What is CISPS and what are AQUAs?CISPS is the EU Council Infosec Selection and Procurement Scheme. This was established in January 2003 under the auspices of the Infosec Authority of the General Secretariat of the Council and of the Council Security Committee (Infosec), and sets out the procedures to be adopted for the procurement of cryptographic products intended for use to protect EU classified information. These procedures include second evaluation of such products by an Appropriately Qualified Authority (AQUA) in another EU Member State. To become an AQUA an organisation must meet a number of rigorous criteria demonstrating that it has the experience and that it has in place the facilities and procedures to conduct such second evaluations securely and effectively. |
This page last updated: 3/10/05 8:57 by Morrey