News & Publications

Latest news

  • 13 September 2017 - Press releases

    A European ICT security certification and labelling framework: one step further towards a European cybersecurity strategy

    Eurosmart, the association representing the digital security industry, welcomes the adoption of a new European cybersecurity package, which includes a security certification and labelling framework.
    Given the proliferation of massive cyberattacks, such as Mirai in November 2016, WannaCry in May 2017, and the second wave of Petya in June 2017, a European policy is needed in order to strengthen the Digital Agenda in Europe and the European Single Market, both for consumers and for the industry.
    “A secured physical network architecture is necessary to efficiently protect ICT systems for consumers, such as connected homes, and for industries, such as Industrial Internet and connected mobility”, stated Didier Sérodon, President of Eurosmart.
    IoT verticals are likely to expand in Europe. The number of connected devices is constantly increasing, due to the digitalization of components, systems and solutions, and an enhanced connectivity. This trend creates new opportunities for cyber offenders, especially because IoT devices are often not as well protected as traditional devices.
    Didier Sérodon sees European security standards as the adequate answer to these challenges. “European security standards across different IoT verticals can reduce development effort, time and budget for all industry participants in the value chain of connected products. Certified secure anchors from the European smart security industry are available in scalable dimensions and are used today in many verticals, such as finance, transport, healthcare, energy sectors and automatic border control systems. Many devices like Mobile Phones, PCs, Tablets, Gateways, Connectors, On-Board-Units, Pay-TV Decoders, and so on, use smart card security technologies, as well as embedded security.”
    Hardware-based security products and solutions, together with security certification, have been a European success story for more than 20 years. These products and solutions are developed in accordance with the “Security by Design” principle. They offer security, privacy and convenience to the consumer and the industry. This existing knowledge can be used to make IoT components and systems more secure and bring trust into the European Digital market.
    However, these private initiatives develop in a disorganised manner. There is a need for consistency among standards and certification schemes. Therefore, Eurosmart fully supports the Commission’s proposal for a cybersecurity act granting ENISA a key role as a cybersecurity agency with full operational capabilities. The creation of a European Cybersecurity Certification Group in the European cybersecurity framework is also welcomed by Eurosmart, as it will foster better coordination of certification schemes.
    Nevertheless, Eurosmart highlights the need for vigilance in order to ensure a smooth transition towards European schemes. Once created, European cybersecurity certification schemes should maintain high levels of security and rigour. SOG-IS MRA’s requirements should remain the reference.
    Eurosmart remains committed to a sustained dialogue with the institutions and the stakeholders and is willing to positively contribute to this new framework.
  • 11 September 2017 - News

    Draft communication on the new cybersecurity strategy

    Last week, Politico published a leaked version of a Commission draft communication on the new cybersecurity strategy. This document is likely to be officially released this week, together with a proposal for a regulation on security certification and labelling.
    The Commission states that it wants to encourage a cybersecurity single market through a cybersecurity certification and labelling framework. The framework schemes would be voluntary and, thus, would not create regulatory obligations for vendors or providers. Nevertheless, some schemes might give rise to regulatory or legislative requirements. ENISA would be at the heart of this new certification and labelling framework.
    In addition, the Commission intends to foster the full implementation of the NIS Directive and will issue recommendations on Member States’ best practices. A permanent mandate will be conferred to ENISA, which will be entrusted with helping Member States in implementing the NIS Directive.
  • 22 August 2017 - News

    ENISA wants to play a bigger role in responding to cybersecurity breaches

    According to Euractiv, ENISA addressed a 20-page document to the European Commission asking for more “centralised EU cybersecurity rules”, and advocating for the introduction of a certification system that would guarantee that connected devices are cyber secure.
    In the agency’s view, the Commission should be more proactive in setting technology standards: Europe should be “driving the marketplace rather than being pushed by vested interests”. This is why the European Union needs a “cybersecurity standards coordination body”, ENISA adds in the document.
    For instance, the Commission should set up a programme in order to rank the cybersecurity level of products, such as Internet of Things (IoT) devices. The certification of IoT devices should be a lightweight process, whereas high-security applications, such as those used for electronic banking identity, should involve a complex certification process. ENISA’s director, Udo Helmbrecht, deems that this certification system should be legally binding and cover all EU countries. EU certification law should be pan-European and should concern services and skills, in addition to products.
    The agency also argues that it should be in charge of this certification programme in order to avoid fragmentation and duplication of resources. More generally, ENISA believes it should have a bigger role in responding to cybersecurity breaches by becoming a “cybersecurity coordination hub”. ENISA would then provide support services such as threat analysis, trusted information exchange and advice on standards and certification practices. This would also mean increasing ENISA’s current budget.

Latest publications

  • 11 September 2017 - Position papers

    Eurosmart's answer to the Commission's inception impact assessment on certification and labelling

  • 02 February 2017 - Position papers

    Cybersecurity in Europe

    Towards an Industrial Policy

    Security is a cornerstone when it comes to the protection of data and privacy. Recent cyber-attacks in the US have demonstrated that security by design represents a key objective in politics, for the industry and for citizens. However, for many users convenience is more important than security. This poses a challenge both for policy makers and the Smart Security Industry: combining quick, easy, and fast access to transactions with failsafe security. Trust is crucial for citizens to accept a European digital and mobile economy. The connected society in Europe is also dependent on how secure citizens feel about their digital identity.

  • 28 November 2016 - Position papers

    Eurosmart: Internet of Trust, Security and Privacy in the connected world

    Back in November 2009, Eurosmart published a white paper on the Smart M2M module. At that time, the association was anticipating a massive deployment of connected devices in several sectors of the industry, and claimed that our industry had the technologies to solve the security and privacy challenges at hand.

    We can now see that these forecasts are becoming a reality, with more than 3 billion devices already connected and 20 to 30 billion to be connected by 2020. Our position regarding security and privacy has not changed over the years, and the recent cyber-attacks have further increased our will to be even more proactive in the field of IoT security.
