ICT standardisation: 2020 rolling plan

The European Commission published its 2020 rolling plan for ICT standardisation. Eurosmart contributed to the elaboration of this rolling plan via the multi-stakeholder platform on ICT standardisation.

This rolling plan identifies standardisation actions that can support EU policies. Five priority domains were identified: 5G, cloud, cybersecurity, big data, IoT. The Commission considers that ICT standardisation is most urgent in these domains.

Please find below the link to the rolling plan and a compilation of the key requested actions mentioned in the rolling plan.

2020 rolling plan for ICT standardisation

Internet of Things

-Develop a European standard for cyber security compliance of products that is aligned with the current compliance framework of organisations based on ISO 270xx and the GDPR regulation. Preferably the standard could be used to harmonise the requirements set out in the NIS directive.

-Standards Development Organisations (SDOs) to assess gaps and develop standards on safety and cybersecurity of IoT consumer products under the European Cybersecurity Act or sectorial legislation.

-SDOs should consider further inclusion of and outreach to verticals.

 

Cybersecurity/network and information security

-SDOs to develop standards for critical infrastructure protection and thus in support of and responding to the requirements laid down in the NIS Directive.

-SDOs to assess existing standards required to support the European Cyber-security Certification Framework to ensure that standards are available for providing the core of any certification activity. In particular, SDOs are encouraged to work on standards related to the specification and assessment of security properties in ICT products and services as well as those related to security in processes related to the design, development, delivery and maintenance of an ICT product or service.

-SDOs to investigate the issue of malware on personal computers. ENISA has concluded that many personal computers contain malware that can monitor (financial) transactions. As we are becoming increasingly dependent on eBusiness and e-transactions, a European initiative should investigate this topic.

-SDOs to investigate requirements for secure protocols for networks of highly constrained devices and heavily constrained protocol interaction (low bandwidth/ultra-short session duration (50ms)/low processing capabilities).

-SDOs to investigate the availability of standards as regards the security and incident notification requirements for digital service providers as defined in the NIS Directive.

-SDOs to develop a “guided” version of ISO/IEC 270xx series (information security management systems including specific activity domains) specifically addressed to SMEs, possibly coordinating with ISO/IEC JTC1 SC27 WG1 to extend the existing guidance laid out in ISO/IEC 27003. This guidance should be 100% compatible with ISO/IEC 270xx and help SMEs to practically apply it, including in scarce resource and competence scenarios.

-SDOs to assess gaps and develop standards on cybersecurity of consumer products in support of possible certification schemes completed under the European Cybersecurity Act.

 

Electronic identification and trust services including e-signatures

-Build on the work done under Mandate M/460, in the following way: address the trust service providers (TSP) providing signature creation services, the TSPs providing signature validation services, and standards for trust application service providers. Support harmonisation of identity proofing, particularly in relation to certificate issuance and remote signing.

-Take ongoing EU policy activities into account in standardisation, e.g. in ISO/IEC JTC 1/SC 27/WG 5 (identity management and privacy technologies) and other working groups of ISO/IEC JTC 1/SC 27. Furthermore, in order to promote the strengths of the European approach to electronic identification and trust services at global level and to foster mutual recognition of electronic identification and trust services with non-EU countries, European and international standards should be aligned wherever possible. The promotion and maintenance of related European approaches, which especially take into account data protection considerations, in international standards should be supported.

-Support and improve the development of interoperable standards by facilitating the organisation of plugtests (interoperability events) and developing and enhancing conformity testing tools. Such interoperability events may address CAdES, XAdES, PAdES, ASiC, use of trusted lists, signature validation, remote signature creation and validation, e-delivery services, preservation services, etc.

 

Artificial intelligence

-Foster coordination and interaction of all stakeholders in providing European requirements for AI, e.g. based on the work of the AI High Level Expert Group, Member States' initiatives, OECD, etc. Encourage the development of shared visions as a basis for input and requirements to standardisation.

-SDOs should coordinate their efforts on AI standardisation in Europe and internationally, especially ISO/IEC JTC 1 SC 42.

-SDOs should establish coordinated linkages with, and consider European requirements from, initiatives, including policy initiatives, and organisations contributing to the discourse on AI standardisation. This in particular includes the results of the EU HLEG on AI and also the European Parliament, Member States’ initiatives, Council of Europe, and others.

-SDOs to consider cybersecurity and related aspects of artificial intelligence, to identify gaps and develop the necessary standards on safety, privacy and security of artificial intelligence, to protect against malicious artificial intelligence and to use artificial intelligence to protect against cyber-attacks.

-Within the AI4EU initiative, identify leading open source activities which complement standardisation work and analyse to what extent they respond to EU requirements. Where useful, establish dialogue, liaisons or partnerships with such open source projects.

 

e-Health

-For the further development of the citizens’ electronic health records, evaluate and address standardisation needs of high relevance for the citizen in technical reports and beyond regarding terminological and technological profiles for the cross-border digital single European market.

-Evaluate the needs, produce a report on necessary key types of identifiers and identification processes needed as components in a European eHealth digital single market.

 

eCall

-SDOs to develop technical specification and standards for the implementation of eCall in vehicles of categories other than M1 and N1 and for other user types, taking into account requirements included within type-approval regulation and ongoing activities in this area (pilots, the Connecting Europe Facility (CEF), etc).

-SDOs to lay down physical and operating requirements for aftermarket in-vehicle devices.

-SDOs to draft guidelines on certification of eCall Systems including aftermarket in-vehicle devices.

-SDOs to provide conformance and performance tests to the recently developed standards for packet-switched networks (HLAP E-UTRAN — LTE/4G and migration to further generations by use of an IMS sublayer).

-SDOs to develop conformance and performance tests for recently developed technical specifications / standards for the provision of the eCall service via shared vehicle platforms (C-ITS).

-SDOs to produce detailed conformity test specifications in support of certification schemes and periodic testing on IVS equipment.

 

Blockchain and distributed digital ledger technologies

-Identify use cases which are relevant for the EU (including EU regulatory requirements such as those from GDPR, ePrivacy, eIDAS, TOOP, etc.) and submit them to relevant standardisation bodies, including CEN-CENELEC and ETSI, and also ISO and ITU.

-Identify actual blockchain/DLT implementations in the EU and assess the need for standardisation, harmonisation and workforce training or adaptation.

-Standardisation of the operation and reference implementation of permissioned distributed ledgers and distributed applications, with the purpose of creating an open ecosystem of industrial interoperable solutions.

-SDOs active in blockchain/DLT standardisation to liaise and coordinate to take advantage of synergies and maximise resources, including with relevant public and private partnerships.

-A general framework for Governance of the European networks based on DLT should be developed to allow the flow of smart contracts between different networks.

 

Smart grids and smart meters

-The EC is developing a comprehensive energy-sector strategy on how to reinforce the implementation of the NIS directive at energy sector level and also foster synergies between the Energy Union and the Digital Single Market agendas. In addition, a Work Stream on energy has been created under the Cooperation Group of the NIS Directive.

 

ICT environmental impact

-Definition of Global KPIs for Energy Management of Fixed and Mobile access, and Core networks, as per Mandate M/462.

-Guidelines for the use of Global KPIs for Data Centres as per Mandate M/462.

-Definition of Global KPIs for Data Services as per Mandate M/462.

-Guidelines for the definition of Green Data Services.

-Definition and guidelines of KPIs for ICT networks as per Mandate M/462.

 

Intelligent transport systems - cooperative, connected and automated mobility (ITS-CCAM) and electromobility

-SDOs to investigate security aspects of Cooperative, Connected and Automated Mobility (CCAM) and intelligent transportation systems. SDOs are invited to analyse the evolution of C-ITS ‘Day1’ standards from a security angle to support automated vehicles design and deployment. In particular, SDOs are invited to expand standards based on the already defined C-ITS security mechanisms to achieve appropriate levels of authenticity and integrity of messages being exchanged between fixed and mobile C-ITS stations for higher levels of automation use cases. Standards shall provide suitable mechanisms to support C-ITS services going beyond information services, building upon the C-ITS certificate & security policy published on the European C-ITS Point of Contact for the implementation of the EU C-ITS security credential management system according to COM(2016) 766 and COM(2018) 283.

-In addition, perform a mapping and the respective gap analysis in the context of the work on the foreseen ISO/SAE 21434 standard and the upcoming UNECE Regulations on Cybersecurity and OTA updates. The purpose is to identify the way forward in concrete terms with regard to the elements missing for comprehensive coverage of cybersecurity issues in the CCAM ecosystem. Relevant policy-driven initiatives, such as the new ENISA study on the security of smart cars and V2X communications, should be included in the scope of this action.

 

Advanced manufacturing

-Interoperable and integrated security – SDOs should work on interoperability standards for security and for linking communication protocols in order to provide end-to-end security for complex manufacturing systems including the span of virtual actors (from devices and sensors to enterprise systems). Standards should take into account risk management approaches as well as European regulation and regulatory requirements.

 

For any questions on this issue, do not hesitate to contact Camille Dornier: camille.dornier@eurosmart.com

 

Eurosmart
Rue de la Science 14B - 1040 Brussels BELGIUM
Privacy Policy - EU transparency register #21856815315-64