A White Book of proposals for a set of pan-European security standards in information technology were on the agenda at yesterday’s IT Sec meeting in Brussels. Representatives from the UK, Germany, France and Holland are proposing that the German Information Security Agency’s recently introduced Green Book of security standards be used as the basis of a European security standard combining confidentiality, integrity and availability, with the requirements of commercial computer manufacturers and users. Europeans have long argued that the US government’s Orange Book of security standards is tied too closely to military needs – it emphasises confidentiality – and that a security standard ought to be created which embraces the needs of civilian users. Representatives of US companies like DEC, Sun Microsystems, IBM and Trusted Information Systems, worried that such as standard will make it more difficult for them to sell into Europe are also at the meeting, although sources say they will be unable to influence the outcome. The White Book is likely to be a super-set of the US Orange Book, at a higher level of functionality – for example it will define how data can be transmitted across an insecure medium, rather than addressing particular encryption techniques. IT Sec is being sponsored by the Commission of the European Communities the four countries will forward the proposals to the Commission, hoping it will adopt the White Book as the basis of a Community-wide standard.
