Cybersecurity has been identified as one of the standardization priorities, since cyber-threats impact a multitude of sectors. Cybersecurity and data protection are rapidly growing and changing technical and application domains. The threats and requirements are increasing dramatically with the progress of digitalization and the rising number of critical assets digitalized and accessible online. Therefore, protection is expected from citizens but also industry and even governments.
CEN-CLC/JTC 13 ‘Cybersecurity and data protection’ is the CEN and CENELEC horizontal technical committee that addresses these needs. Its primary objective is to transpose relevant international standards (especially from ISO/IEC JTC 1 SC 27) as European Standards (ENs) in the Information Technology (IT) domain. It also develops ‘homegrown’ ENs, where gaps exist, in support of EU regulations (RED, eIDAS, GDPR, NIS, etc.). These two streams of activity aim to create a strategic portfolio of standards in Europe that fits European needs. CEN-CLC/JTC 13 works closely with ENISA (the European Union Agency for Cybersecurity) in the context of the European certification schemes, and with the European Commission, within the framework of the cybersecurity-related standardization request under the Radio Equipment Directive (RED).
CLC/TC 65X ‘Industrial-process measurement, control and automation’ is the other main provider of cybersecurity-related standards, in the Operational Technology (OT) domain. It prepares standards for systems and elements used for industrial process measurement, control and automation. It has created the EN IEC 62443 series of standards for the OT found in industrial and critical infrastructures, including but not restricted to power utilities, water management systems, healthcare and transport systems.