A European ICT security certification and labelling framework: one step further towards a European cybersecurity strategy

Given the proliferation of massive cyberattacks, such as Mirai in November 2016, WannaCry in May 2017, and Petya second wave in June 2017, a European Policy is needed in order to strengthen the Digital Agenda in Europe and the European Single Market both for consumers and the industry.

“A secured physical network architecture is necessary to efficiently protect ICT systems for consumers, such as connected homes, and for industries, such as Industrial Internet and connected mobility”, stated Didier Sérodon, President of Eurosmart.

IoT verticals are likely to expand in Europe. The number of connected devices is constantly increasing, due to the digitalization of components, systems and solutions, and an enhanced connectivity. This trend creates new opportunities for cyber offenders, especially because IoT devices are often not as well protected as traditional devices.

Didier Sérodon sees European security standards as the adequate answer to these challenges. “European security standards across different IoT verticals can reduce development effort, time and budget for all industry participants in the value chain of connected products. Certified secure anchor from the European smart security industry are available in scalable dimensions and are used today in many verticals, such as finance, transport, healthcare, energy sectors and automatic border control systems. Many devices like Mobile Phones, PCs, Tablets, Gateways, Connector, On-Board-Units, Pay-TV Decoder, and so on, use smart card security technologies, as well as embedded security.”

Hardware-based security products and solutions, together with security certification, have been a European success story for more than 20 years. These products and solutions are developed in accordance with the “Security by Design” principle. They offer, security, privacy and convenience to the consumer and the industry. This existing knowledge can be used to make IoT components and systems more secure and bring trust into the European Digital market.

However, these private initiatives develop in a disorganised manner. There is a need for consistency among standards and certification schemes. Therefore, Eurosmart fully supports the Commission’s proposal for a cybersecurity act granting ENISA a key role as a cybersecurity agency with full operational capabilities.

The creation of a European Cybersecurity Certification Group in the European cybersecurity framework is also welcome by Eurosmart as it will foster a better coordination of certification schemes.

Nevertheless, Eurosmart highlights the need for vigilance in order to ensure a smooth transition towards European schemes. Once created, European cybersecurity certification schemes should respect high security and exigence levels. SOG-IS MRA’s requirements should remain the reference.

Eurosmart remains committed to a sustained dialogue with the institutions and the stakeholders and is willing to positively contribute to this new framework.