13 September 2017 -
Eurosmart, the association representing the digital security industry, welcomes the adoption of a new European cybersecurity package, which includes a security certification and labelling framework.
Given the proliferation of massive cyberattacks, such as Mirai in November 2016, WannaCry in May 2017, and the second wave of Petya in June 2017, a European policy is needed in order to strengthen the Digital Agenda in Europe and the European Single Market, both for consumers and the industry.
“A secured physical network architecture is necessary to efficiently protect ICT systems for consumers, such as connected homes, and for industries, such as Industrial Internet and connected mobility”, stated Didier Sérodon, President of Eurosmart.
IoT verticals are likely to expand in Europe. The number of connected devices is constantly increasing, due to the digitalization of components, systems and solutions, and enhanced connectivity. This trend creates new opportunities for cyber offenders, especially because IoT devices are often not as well protected as traditional devices.
Didier Sérodon sees European security standards as the adequate answer to these challenges. “European security standards across different IoT verticals can reduce development effort, time and budget for all industry participants in the value chain of connected products. Certified secure anchors from the European smart security industry are available in scalable dimensions and are used today in many verticals, such as finance, transport, healthcare, energy sectors and automatic border control systems. Many devices like Mobile Phones, PCs, Tablets, Gateways, Connectors, On-Board-Units, Pay-TV Decoders, and so on, use smart card security technologies, as well as embedded security.”
Hardware-based security products and solutions, together with security certification, have been a European success story for more than 20 years. These products and solutions are developed in accordance with the “Security by Design” principle. They offer security, privacy and convenience to the consumer and the industry. This existing knowledge can be used to make IoT components and systems more secure and bring trust into the European Digital market.
However, these private initiatives develop in a disorganised manner. There is a need for consistency among standards and certification schemes. Therefore, Eurosmart fully supports the Commission’s proposal for a cybersecurity act granting ENISA a key role as a cybersecurity agency with full operational capabilities. The creation of a European Cybersecurity Certification Group in the European cybersecurity framework is also welcomed by Eurosmart, as it will foster better coordination of certification schemes.
Nevertheless, Eurosmart highlights the need for vigilance in order to ensure a smooth transition towards European schemes. Once created, European cybersecurity certification schemes should maintain high levels of security and stringency. SOG-IS MRA’s requirements should remain the reference.
Eurosmart remains committed to a sustained dialogue with the institutions and the stakeholders and is willing to positively contribute to this new framework.
22 August 2017 -
According to Euractiv, ENISA addressed a 20-page document to the European Commission asking for more “centralised EU cybersecurity rules”, and advocating for the introduction of a certification system that would guarantee that connected devices are cyber secure.
In the agency’s view, the Commission should be more proactive in setting technology standards: Europe should be “driving the marketplace rather than being pushed by vested interests”. This is why the European Union needs a “cybersecurity standards coordination body”, ENISA adds in the document.
For instance, the Commission should set up a programme to rank the cybersecurity level of products, such as Internet of Things (IoT) devices. The certification of IoT devices should be a lightweight process, whereas high-security applications, such as those used for electronic banking identity, should involve a complex certification process. ENISA’s director, Udo Helmbrecht, deems that this certification system should be legally binding and cover all EU countries. EU certification law should be pan-European and should concern services and skills, in addition to products.
The agency also argues that it should be in charge of this certification programme in order to avoid fragmentation and duplication of resources. More generally, ENISA believes it should have a bigger role in responding to cybersecurity breaches by becoming a “cybersecurity coordination hub”. ENISA would then provide support services such as threat analysis, trusted information exchange and advice on standards and certification practices. This would also mean increasing ENISA’s current budget.