
The 2021 edition of the Conference presented the developments and upcoming challenges in European standardisation under the Cybersecurity Act.
The European Standards Organisations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise its annual conference virtually this year. The event, which took place from 2nd to 4th February, attracted over 2000 participants from the EU and from around the world.
The conference addressed standardisation in relation to the Radio Equipment Directive (RED) and certification under the provisions of the Cybersecurity Act (CSA).
Objectives of the conference
The purpose of the conference was twofold. The event presented the current developments in these areas. It was also intended to foster a dialogue among policymakers, industry, research, standardisation and certification organisations, including all of those involved in the development of the ICT certification framework in Europe. The ultimate objective of the exercise is to implement the Cybersecurity Act in the most effective way.
The objectives of the presentations and key topics addressed by the conference panels were the following:
- Cybersecurity requirements and standardisation activities under the scope of the Radio Equipment Directive:
The presentation focussed on the cybersecurity requirements of the Directive. The European Commission is preparing delegated acts as well as a request for standardisation to CEN-CENELEC and ETSI. The panel highlighted the connection between the European regulatory requirements and explored how standardisation can align with the EU policy goals in a global context. The participants were invited to discuss the link between the requirements of the RED and those associated with the Cybersecurity Act.
- Standardisation supporting the Cybersecurity Act
This part of the conference introduced the current state of play in cybersecurity standardisation. The purpose of the discussion was also to draw attention to the identified gaps that need to be bridged. Each panellist was given the floor to present updates from their organisations.
- Developments on standardisation in the area of Consumer IoT:
The panel addressed the situation of standardisation in this area in relation to the general security standard active since last year.
Attention was drawn to sectoral standards and to whether standards for smart homes, the automotive sector or household appliances, for instance, would be relevant ones to address. Interesting questions enlivened the debate on the subsequent steps of certification, on how certification will impact end-user behaviour and on how to promote certified products.
- Standardisation of 5G, next steps foreseen:
The panel engaged in a discussion on the progress made so far on the standardisation of 5G. As preparations for a cybersecurity certification scheme for 5G networks are now beginning, important aspects needed to be addressed. It was important to stress the potential of certification given the number of initiatives already launched in the area and identify prospects for the future.
- Securing EU’s Vision on 5G: Cybersecurity Certification
The last panel closed the conference with a discussion focussed on the future of cybersecurity certification in general. It came as the European Commission, on 3rd February 2021, requested ENISA to prepare a candidate cybersecurity certification scheme on 5G networks.
How should the standardisation activities be prepared? How should these activities match with and help achieve the goals of the Union rolling work programme? Such questions remain to be answered in a comprehensive way.
As evidenced by the high number of participants, such questions stimulate the interest of a very large audience, which shows how crucial it is to open the debate as widely as possible in order to respond to these challenges adequately. The audience of the conference and the public at large are therefore most likely to expect a follow-up edition to take place in early 2022.
Background
Article 8 of the Cybersecurity Act gives the European Union Agency for Cybersecurity a mandate to monitor developments in the area of standardisation. The work of the Agency builds on the ongoing standardisation work of the European Standardisation Organisations (CEN, CENELEC and ETSI) as well as the Cybersecurity Coordination Group (CSCG). ENISA engages its expertise to support these organisations, the European Commission and all other relevant stakeholders. In addition, ENISA is also cooperating with the Standard Developing Organisations (SDOs), namely ISO SC27 (Liaison), ETSI (Memorandum of Understanding) and CEN CENELEC (Collaboration agreement).
Further Information
The slides presented during the conference will be made available within the next few weeks on the website of the Cybersecurity Standardisation Conference.
ENISA website – Standards Topic
European Committee for Standardization (CEN)
European Committee for Electrotechnical Standardization (CENELEC)
Radio Equipment Directive (RED)
Cybersecurity Act (CSA)