On 30 May the Council issued its general approach on the Cybersecurity Act, which is currently being examined by the ITRE Committee of the European Parliament.
Eurosmart, the voice of the European Digital Security industry, welcomes the Council proposal to carry out mandatory penetration testing (also known as ethical hacking) for assurance level “high” when evaluating a product's or service's resistance to potential attacks.
Penetration testing, or ethical hacking, is the only rigorous way to evaluate the robustness of an ICT product and to check that the necessary state-of-the-art security functionalities are correctly implemented.
“Our digital world is more and more interconnected; it processes a huge quantity of sensitive personal data. The Cybersecurity Act must consciously tackle these evolving risks,” explained Stefane Mouille, President of Eurosmart. “Products and services are continuously exposed to the threat of highly skilled malicious attackers who can exploit unchecked vulnerabilities. The European cybersecurity model cannot suffer from a lack of seriousness when evaluating products; with no strategic ethical hacking process, the detection of ICT product vulnerabilities remains impossible. Such vulnerabilities undermine European cybersecurity, which would run the risk of massive cyberattacks.”
The Digital Security industry has a long track record of performing ethical hacking when evaluating its products. Eurosmart is one of the founding fathers of SOG-IS, which coordinates the development of high-level certificates. Ethical hacking is therefore both a proof of excellence of the Digital Security industry in Europe and a unique asset for European players in the global market.
Eurosmart urges the European Parliament and the members of the ITRE Committee to take penetration testing and ethical hacking into consideration and to extend the requirement to assurance level “substantial”. This is a fundamental element in making the European Digital Single Market the safest possible environment for both citizens and industry.
Ethical hacking (pen-testing, penetration testing) is the act of locating weaknesses and vulnerabilities in devices and information systems by anticipating the intent, actions and skills of malicious hackers. Ethical hacking is done for a defensive purpose, with the objective of improving the security of devices and information systems and of giving assurance that, once released and operated, they will resist attacks of similar intent, actions and skill.