„Decentralised and Remote Access to
Confidential Data in the ESS“
ESSnet DARA
Maurice Brandt, DESTATIS, Germany
ESSnet / ESS.VIP Workshop in Valencia, 23-24 January 2014
Modernisation of European Official Statistics
2
Outline 1. Introduction
2. Goals and Content of ESSnet DARA 3. Results of ESSnet DARA - Remote Access Pilot
3.1 Outlook ESSnet DARA 4. Administrative Issues 5. Outlook
3
1. Introduction
Increasing demand for statistical microdata
Access to national datasets in Member States (MS)
Access to EU statistics via Eurostat, (EU) No 557/2013
Request for detailed confidential microdata
For European statistics: access via Safe Centre in Luxembourg Very high barrier due to local constraints
Feasibility study: “ESSnet on Decentralised Access
to EU microdata sets” (2009-2010) Idea: set up a secure network of national Safe Centres
4
2. Content of ESSnet DARA
ESSnet on “Decentralised And Remote Access to confidential data in the ESS” (ESSnet DARA)
Project period: from October 2011 – November 2013
Partners Groupe des Écoles Nationales d'Économie et de Statistique, France Hungarian Central Statistical Office, Hungary Office for National Statistics, United Kingdom Instituto Nacional de Estatistica, Portugal State Statistical Institute Berlin-Brandenburg, Germany Federal Statistical Office, Destatis, Germany (co-ordinator)
Funded by the European Commission (70%)
Task: Implementation of a pilot of a Remote Access connection
from National Statistical Institute (NSI) Safe Centres to the EU statistics at Eurostat
WP1
Handbook for members of the ESS, especially Access Facility staff with description of workflow and accreditation criteria for Access Facilities
Handbook for Researchers on Remote Access to Confidential Data of the ESS
WP2
Concept of technical implementation and safety requirements for an European Remote Access System
WP3
Cost and benefit analysis
5
3. Results
WP4
Test results of DARA pilot implementation: Proof of concept with a remote access infrastructure with 5 access points in Europe to a central node in France (GENES) with a PUF
WP5
Dissemination of results to the ESS WP6
Final report with future recommendations
6
3. Results
Planned model for the pilot Tested DARA pilot model
8
German Management - Create projects - Create users - Enrolment - Output Checking
Hungarian Management - Create projects - Create users - Enrolment - Output Checking Portuguese Management
- Create projects - Create users - Enrolment - Output Checking
UK Management - Create projects - Create users - Enrolment - Output Checking
IT DESCRIPTION OF DARA PILOT CENTRALISED NETWORK OF RDC
9
10
11
3. IT infrastructure for Remote Access Description of the ESSnet DARA pilot until the Eurostat final implementation
12
Clear recommendation for European remote access: The DARA pilot with Eurostat as central node ! or a system that fulfills all defined user and security requirements, whereas the DARA pilot is an example that has been tested according to the specifications
There are still investments necessary for the final system at Eurostat Test of Eurostat implementation Connection of MS
Member States need to agree on a specific remote access system – this can be only the final implementation!
Accreditation of Access Facilities, starting with NSIs
Build up a circle of trust and competences for microdata access for scientific purposes in Europe
Strategy, roadmap and timeline for the next steps after DARA is needed soon
3.1 Outlook
14
What are the key aims of „Decentralised and Remote Access to Confidential Data in the ESS“ (DARA)? To which extent have the aims been fulfilled so far? The core of the ESSnet DARA project was to deliver a pilot for a remote access system to use confidential EU microdata from the safe centres in the Member States. From a project management point of view, the project was very
successful. Everything that has been announced in the project proposal has been done (incl. alternative pilot).
BUT: We haven‘t reached the actual goal: To connect the MS to Eurostat.
We made very good progress, we have produced very useful
deliverables, but we are still one step behind a remote access infrastrucure. This still needs to be done!
4. Administrative Issues
15
During the inception phase, were there other NSIs considering joining the project team, who did ultimately decide not to join? If so, were you informed about their rationale for not joining the project?
During the preparation of the project the NSI of the Netherlands (CBS)
and Italy (Istat) had been asked to join the project.
Due to the European economical crisis and budget cuts, the NSIs decided not to join the project for financial reasons, because the coverage by the EC is only 70%. (30% own contribution)
4. Administrative Issues
16
How has the project team communicated with other NSIs? Information about goals, progress and results at ESSnet workshops in
Cologne, Rome and Valencia
Information about the aim and progress of the DARA project for other NSIs at the „Directors General of the National Statistical Institutes” (DGINS) Conference 2012 in Prague
Information of researchers at project meetings in Lisbon and Budapest
Presentation and discussion of the DARA project at meetings of the Working Group on Statistical Confidentiality (WGSC) and IT WG 2012/13
Presentations at UNECE 2011/2013, OECD and scientific conferences
28 presentations have been given (please see list final report, chapter 6)
4. Administrative Issues
17
To you knowledge, have the deliverables of DARA - Decentralised and Remote Access to Confidential Data in the ESS been used (or are they likely to be used) across the ESS? Accreditation Guidelines for Access Facilities (AF) shall feed into
Guidelines of Reg. (EU) No 557/2013
Handbook for the ESS, how to use the system Handbook for researchers
List of user and security demands for a remote access system Proof of concept with the DARA pilot
ALSO: Many investigations that are valuable experience, but that will
not be used in the future
4. Administrative Issues
18
What is your opinion about the usefulness of the deliverables to the ESS? Do you know of other NSIs using, or planning to use some of the deliverables? If so, how? The NSI of Hungary (HCSO), decided after the experience with DARA
to start a remote access system for their microdata access on national level
Official National Statistics in UK, (ONS) is interested to use the technology as well
Destatis has started a pilot for remote access on national level
IPUMS-International is interested in the results of the DARA project to build up a remote access infrastructure
4. Administrative Issues
19
Design and structure of the project ESSnet DARA was depending on internal Eurostat project VIP-SICON The problem was not, that the internal Eurostat part was not ready on time The problem was communication, because the date for VIP-SICON was postponed from time to time and it was not made clear early enough that it is not possible to finalise it on time. Therefore, the work on the alternative pilot in DARA has started very late (Jan 2013)
4. Administrative Issues
20
2013 ESSnet project assessment report Evaluation of projects is important, necessary and helpful
Of course, evaluators will be supported with all information
Very unsatisfied about the procedure, how 2013 assessment was
carried out
Neither ESSnet project leaders nor Eurostat coordinators have been contacted during the evaluation
Results of the assessment are incorrect and misleading
It refers only to publications on the internet and not to the interim report itself with all deliverables
4. Administrative Issues
21
2013 ESSnet project assessment report
Intermediate results are not supposed to be published, only final results
For some WPs that are declared „missing“, was no delivery foreseen by midterm
Even for the final official publication by Eurostat, the coordinators have not been contacted for chance of clarification
No feedback from Eurostat or clarification, no willingness to take those wrong statements back
Positive: The procedure for 2014 assessment has improved with announcement and deadline to store final results on cros-portal
Very happy with „our“ project coordinator at Eurostat, Ms Bujnowska
4. Administrative Issues
22
Positive aspects
The work in ESSnet projects is considered as very important
ESSnets are necessary to handle the complex challenges in the ESS
It brings together experts and perspectives from different MS
It raises awareness for certain topics at the „home“ institution
NSIs can benefit from exchange with other experts and technologies
Democratic decision making is considered as very necessary, even when not always possible
4. Administrative Issues
23
ESSnet projects with interdependencies to other projects are very difficult to manage
Delays need to be announced early enough to have time to react
With the ESSnet DARA team it was possible to handle several difficult circumstances during the project phase
BUT the ESSnet projects are usually extra work for the project colleagues on top of their daily business
Assessment need to be communicated, what parts are expected to be published and when, otherwise it is demotivating for the whole team
Summary: Those results can’t be achieved by a single country, the collaboration and exchange of knowledge of MSs is needed
5. Outlook
Thank you for your attention
Decentralised and Remote access to Confidential Data in the ESS:
http://www.cros-portal.eu
Maurice Brandt
Federal Statistical Office Germany Research Data Centre
Tel. +49-611-75-4349
http://www.destatis.de http://www.forschungsdatenzentrum.de
25
Access point integration What is required to setup a Dara Box ?
It’s a plug and play dedicated (standalone) hardware an Internet access on port 443 to the identified central node: either
though the local network (can be isolated in a VLAN if mandatory) or through a dedicated broadband connection. Out of the box, the system is in DHCP mode, but IP settings can be set, a proxy
server,… That's all
Once setup, what is needed ? No user helpdesk No exploitation, maintenance : remote administration from central node A Dara-Box can easily be replaced : they’re all the same
What are the interactions with the local network ? No incoming connections allowed (integrated firewall) Dara-Boxes will only access the central node, no additional
communication other than what is needed to do so is established Where to place the Dara Box ?
Location requirements will be defined in guidelines
ESSnet / ESS.VIP Workshop in Valencia,� 23-24 January 2014�Modernisation of European Official Statistics���Outline�1. Introduction2. Content of ESSnet DARA3. Results3. ResultsFoliennummer 7Foliennummer 8Foliennummer 9Foliennummer 10Foliennummer 11Foliennummer 12Foliennummer 13Foliennummer 14Foliennummer 15Foliennummer 16Foliennummer 17Foliennummer 18Foliennummer 19Foliennummer 20Foliennummer 21Foliennummer 22Foliennummer 23Foliennummer 24 Access point integration