CEN, CENELEC and ETSI, together with ENISA, organized a joint conference “Cybersecurity Act – Establishing the link between Standardization and Certification” which took place in Brussels on 13 February.
Dr Bernhard Thies (CENELEC President), Luis Jorge Romero (Director General of ETSI) and Steve Purser (Head of Core Operations at ENISA) welcomed more than 200 participants from industry, SMEs, consumer organizations, certification bodies, standardization organizations and policy makers.
The keynotes and intensive panel discussions with the audience addressed the following topics:
- How can the Cybersecurity Act increase confidence in ICT products and services in the European market?
- How can an EU certification framework be established? Which market perspectives are there for this?
- ICT standardization for products and services: What are the prospects for European and international standards through the European Cybersecurity Act?
There was agreement that certification schemes should be based on standards. The general message was not to reinvent the wheel. Indeed, European Standardization is a reliable platform to define the requirements for certification for all business sectors including ICT.
A large number of standards are already available. The European Standardization Organizations will adopt standardization deliverables in the field of cybersecurity and data protection already published by ISO, IEC, ITU-T, IEEE and by other Standardization development organizations, fora and consortia. The new CEN and CENELEC Joint Technical Committees on Cybersecurity and Data Protection (CEN/CLC/JTC13), and on Privacy Management in Privacy and Services (CEN/CLC/JTC 8) will develop CEN/CENELEC publications for safeguarding information such as organizational frameworks, management systems, techniques, guidelines for products and services, including those in support of the EU Digital Single Market.
The presentations made at this conference are available in the CEN and CENELEC website