
Cyber-procurement is a challenge in the European institutions as well as in Member State municipalities

The European Parliament has proposed a lot of good remedies for the present ICT procurement practices of European institutions in its discharge reports yesterday.

Some concrete proposals that passed with a large majority include:

  • An ICT security audit of all the ICT applications and their compilation chains, plus source code review. (Paragraphs 89, 90 and 98 here).
  • A request for a roadmap to remedy the problems discovered including cost estimates, time estimates and staff requirements. (Paragraph 98, above)
  • Re-initialisation of the Linux desktop project, as well as a large emphasis on open source and the use of open standards. (Paragraphs 91, 95 and 99 here and paragraph 299 here)
  • Better cooperation between the Parliament and the Commission in making projects for better use of open infrastructures (Paragraph 92 in the same document)
  • A call for the Commission to make procurement based on functional specifications rather than vendor-specific brand name lists. (Paragraph 301 here)
  • A call for the Commission to reduce the size of their ICT procurement contracts, for them to actually get a chance to understand what they need/want. (Paragraph 302 here)

We've recommended that the Commission make its cyberprocurement contracts smaller. We must also start considering what features we actually want to work with, rather than the specific vendors we wish to be paying. Open source projects advanced by the European Parliament administration in line with our work requirements have been immensely useful to parliamentarians and their staff members. The Commission is now urged to work with the Parliament for the development of transparent, open source and usable ICT tools.

While the Commission produces many valuable guides on procurements and open standards, in practice they don't allow for European civil servants to operate in an open cyberenvironment. The Parliament requesting a concrete roadmap for change should end up being valuable both for European democracy and industries.

By December 1st 2014, the European Parliament administration should carry out an independent third-party ICT security audit, including a source code review of all its applications. In practice, since two thirds of all our software products come from Microsoft, this is a good opportunity for the Parliament to test the sincerity of the Transparency Centres launched by Microsoft last year at the Munich Security Conference. Luckily I've had a lot of positive feedback on this from the Parliament administration, and I'm certain that this will be a welcome addition to the Parliament's struggle to enhance confidence in ICT infrastructures.
