Security -- an Obstacle for large-scale Projects and eGovernment? presented at DeepSec 2007

by Thomas Maus,

Summary : This talk tries to take up again a thread, which was completely lost in the tumultuous public reception of a 21C3 talk: Security is a fundamental quality dimension of information systems, a conditio sine qua non for long-term acceptance both of any large-scale project and information technology in general, an imperative prerequisite for critical infrastructures as well as any legislative obligation of free citizens to use eGovernment. As eHealth projects concentrate and amplify all conceivable challenges of large-scale IT projects they will serve as an excellent magnifying glass. Alas, experience shows, they are a dangerous target of investigation: Some believe them to be the panacea of modern health care. They are object of fervent dispute, and seem to serve many (hidden?) agendas, at least as an opportunity to place some hype-tech, and make much money. Starting with some (time-proven) worrying findings from German eHealth projects, we will follow their reception by the public, stakeholders, and government, as well as the further development. Widening our scope by and by, we try do find some generic patterns, and what we might learn from theses messes: * on a personal level as managers, technicians or security experts * for large-scale projects in companies and governments * as society, structuring and controlling our dependency on information systems