Highlights of the Cybersecurity Standardization Conference

 

The European Standards Organisations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise its annual conference virtually this year. The event, which took place from 2nd to 4th February 2021, attracted over 2000 participants from the EU and from around the world.

The conference addressed standardization in relation to the Radio Equipment Directive (RED) and certification under the provisions of the Cybersecurity Act (CSA).

Objectives of the conference

The purpose of the conference was twofold. The event presented current developments in these areas. It was also intended to foster a dialogue among policymakers, industry, research, standardisation and certification organisations, including all of those involved in the development of the ICT certification framework in Europe. The ultimate objective of the exercise is to implement the Cybersecurity Act in the most effective way.

The objectives of the presentations and key topics addressed by the conference panels were the following:

The presentation focussed on the cybersecurity requirements of the Directive. The European Commission is preparing delegated acts as well as a request for standardization to CEN-CENELEC and ETSI. The panel highlighted the connection between the European regulatory requirements and explored how standardisation can align with the EU policy goals in a global context. The participants were invited to discuss the link between the requirements of the RED and those associated with the Cybersecurity Act.

This part of the conference introduced the current state of play in cybersecurity standardization. The purpose of the discussion was also to draw attention to the identified gaps that need to be bridged. Each panellist was given the floor to present updates from their organisations.

  • Developments on standardisation in the area of Consumer IoT:

The panel addressed the situation of standardization in this area in relation to the general security standard active since last year.
Attention was drawn to sectoral standards and to whether standards for smart homes, the automotive sector or household appliances, for instance, would be relevant ones to address. Interesting questions came up to enliven the debate on the subsequent steps of certification, on how certification will impact end-user behaviour and on how to promote certified products.

  • Standardization of 5G, next steps foreseen:

The panel engaged in a discussion on the progress made so far on the standardisation of 5G. As preparations for a cybersecurity certification scheme for 5G networks are now beginning, important aspects needed to be addressed. It was important to stress the potential of certification given the number of initiatives already launched in the area and identify prospects for the future.

Cybersecurity Certification

Securing EU’s Vision on 5G: Cybersecurity Certification

The last panel closed the conference with a discussion focussed on the future of cybersecurity certification in general. It comes as the European Commission requested ENISA to prepare a candidate cybersecurity certification scheme on 5G networks on 3rd February 2021.

How should the standardization activities be prepared? How should these activities match with and help achieve the goals of the Union rolling work programme? Such questions remain to be answered in a comprehensive way.

As evidenced by the high number of participants, such questions obviously stimulate the interest of a very large audience, showing how crucial it is to open the debate as widely as possible in order to respond to these challenges adequately. Therefore, the audience of the conference and the public at large are most likely to expect a follow-up edition to take place in early 2022.

Background

Article 8 of the Cybersecurity Act gives the European Union Agency for Cybersecurity a mandate to monitor developments in the area of standardisation. The work of the Agency builds on the ongoing standardisation work of the European Standardisation Organisations: CEN, CENELEC, ETSI, as well as the Cybersecurity Coordination Group (CSCG). ENISA engages its expertise to support these organisations, the European Commission and all other relevant stakeholders. In addition, ENISA is also cooperating with the Standard Developing Organisations (SDOs), namely ISO SC27 (Liaison), ETSI (Memorandum of Understanding) and CEN CENELEC (Collaboration agreement).

Further Information

The slides presented during the conference will be made available within the next few weeks on the website of the Cybersecurity Standardisation Conference.

Radio Equipment Directive (RED)
Cybersecurity Act (CSA)
EU Cybersecurity Strategy for the Digital Decade
Securing EU’s Vision on 5G: Cybersecurity Certification
BDI, DIN and DKE’s paper on EU-wide cybersecurity regulation

Contact:

Giovanni COLLOT
gcollot@cencenelec.eu
