Estonian IT security chief: "I don't want to use American encryption anymore"

During a panel discussion at the Forum for International Cybersecurity (FIC) in Lille, a leading Estonian cybersecurity expert has called for Europe to abandon American systems of encryption.

Jaan Priisalu, the director general of Estonian Information System's Authority, said "I don't want to use the American standard anymore. Let's develop a European form of encryption."

The comments come amid a scandal in which RSA was reported to have received $10 million to install a back door in their encryption for the American National Security Agency.

Among the problems Priisalu identified were the increasing length of RSA encryption keys.

"It is clear that the keys for RSA are ridiculously long already," he said.

He suggested that Elliptic Curve Crytpography (ECC) could be a way forward in the future, but that the proliferation of patent applications had made it a thorny issue.

"A possible next step after the RSA would be Elliptic Curve Cryptography," he said. "However, there are actually 294 patent applications for ECC methods in Europe and each of them could be applied in Estonia if need be."

Priisalu also urged governments to recognise "the need for enforced legislation on banks' cooperation on cyber security."

"We need cyber security because our dependence level is so high," he argued, "Without computers, society begins to collapse. We did a study and found that in terms of critical infrastructure like hospitals and emergency services, 90 per cent of services are dependent in some way on IT."

Complete IT dependency could become a problem in the future, he claimed.

"In terms of IT, there is no low tech solution anymore. Up to 30 per cent of these critical services simply don't work at all if there is an IT failure."

"When you create a dependency for society on your services, you have to pay the price," he went on, "and that price is properly securing your IT networks."

"It's government's task to regulate services," Priisalu added to finish. "And they have to do so on behalf of the private sector."

More from FIC 2014:

Prominent lawyer: Does the cloud have international borders?

US Navy professor defends PRISM, calls Internet "a lawless frontier"

French defence minister calls for unified front against cyber crime

Palo Alto director: "We could see AI in antivirus in the next 5-10 years"

FireEye expert: Analysing the "flow of data" is the only way to detect new threats

404

Sorry! Page not found.

The article you requested has either been moved or removed from the site.