Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Role of European Standards in Support of the Cybersecurity Act

Published byRoderick Clark Modified over 6 years ago

Similar presentations

Presentation on theme: "The Role of European Standards in Support of the Cybersecurity Act"— Presentation transcript:

1 The Role of European Standards in Support of the Cybersecurity Act
Cinzia Missiroli, Director – Standardization and Digital Solutions, CEN and CENELEC 9 January 2017

2 European Standardization System
The European Committee for Standardization The European Committee for Electrotechnical Standardization The European Telecommunications Standards Institute = the European Standards Organisations (“ESOs”) Officially recognized by EU Regulation 1025/2012

3 EU Regulation 1025/2012 on European Standardization
CEN, CENELEC and ETSI officially recognized by European Union as European Standardization Organizations establishment of European standards and European standardization deliverables to support the free circulation of goods and services in the Single Market definition of European Standards as voluntary in application mechanism for the European Commission to request the ESOs to develop standards in support of European policy objectives

4 CEN and CENELEC position on the Cybersecurity Act
To ensure a coherent European approach to certification of ICT products and services, CEN and CENELEC stress the importance to: define what is meant by ‘ICT products and services’ covered by the proposal and establish a priority list of these, so that standardization can timely accompany market needs invite the formally recognized European and international standardization organizations to define the requirements and standards to be used and where applicable, give priority to internationally recognized standards (developed by ISO, IEC, or ITU-T) apply the process of the New Legislative Framework, which provides a clear separation between legislation, standards, and conformity assessment and avoids confusion in the market place. With the new proposal, the European Commission states its intentions to reinforce and preserve the security of ICT products and services and to increase trust in their use by the EU citizens. CEN and CENELEC share the view that the European Commission proposal provides insufficient information on the ICT products and services intended to be covered by the upcoming EU certification framework. A majority of the products and services currently placed on the market are ICT–enabled. The scope of the new regulation needs to clearly set the boundaries of the ICT products and services that will be covered by the new certification schemes. What exactly is meant by ICT products? Is it just Computers and peripheral equipment ? Or do we also consider toys, fire alarms as products subject to this regulation? CEN and CENELEC invite the European Commission to agree a consistent and coherent approach in defining a list of products and/or services to which the certification schemes will apply first. European Standards could support the envisaged certification schemes, reflecting interactions and interdependence along the whole value chain in the ICT industry and for the benefit of all business sectors, while taking into account the most broad spectrum of stakeholders. The European Standardization System enables the engagement of policy makers, societal stakeholders (Annex III organizations defined by Regulation 1025/2012) and industry organizations to collect requirements needs that could become part of European or international standards on data protection, information protection and security techniques with specific focus on cybersecurity covering all concurrent aspects of the evolving information society. CEN, CENELEC and ETSI produce high-quality standards for products and services that address all relevant requirements for the benefit of businesses, consumers and other standards users in Europe. European Standards are established through a transparent, balanced, and consensus-based process where all stakeholders can contribute – thereby fulfilling the requirements of Regulation 1025/2012. Therefore, CEN and CENELEC should be involved in the definition of the requirements for certification schemes as laid out by the CyberAct. Where applicable, priority should be given to internationally recognized standards (developed by ISO, IEC, or ITU-T) which enable European industry to access global markets. The long-standing cooperation of the ESOs with ISO, IEC and ITU-T has allowed the alignment of European Standards with international ones, contributing to the global competitiveness of European businesses. Strengthening this cooperation will facilitate the development of ISO and IEC standards to support European legislative and policy needs. It will also secure EU businesses involvement in the definition and implementation of EU certification framework. Specific ‘standard’ requirements developed by the European Commission or ENISA - in parallel to European and/or international standards - would create competition with these Standards, create uncertainty and ultimately stifle innovation. Therefore, CEN and CENELEC recommend to make use of International Standards for the certification schemes, wherever possible, to ensure certification against well-proven, community-approved technical specifications. CEN and CENELEC have developed standards in all business sectors and for use in a variety of purposes. By definition, European Standards are voluntary and organizations that use them do so voluntarily. For more than 30 years, the ESOs have developed harmonized standards, which manufacturers, other economic operators, or conformity assessment bodies can use to demonstrate that products, services, or processes comply with relevant EU legislation. We believe that the conformity assessment system should be the preferred solution for the implementation of the new cybersecurity solutions. For many sectors such as toys, LVD, construction or measuring instruments, this solution proved to be effective and less burdensome for European businesses. CEN and CENELEC urge the EC to effectively apply Regulation 1025/2012 when defining the requirements for ICT products and services that might be subject to certification. The current proposal might lead to the establishment of a new parallel system to the officially recognized standardization system which will hamper the take-up of new solutions and technologies rather than increase trust or security of product and services.

5 CEN and CENELEC standardization work on cybersecurity
CEN-CENELEC/TC 13 ‘Cybersecurity & Data Protection’: 50 European experts on cybersecurity and data protection, most of them also members of the ISO/IEC/JTC 1/SC 27 ‘IT Security’ active participation of ENISA addresses horizontal topics of the evolving interconnected society a.o. Smart Energy Specific objective: international standards adopted as European standards driven by the European market where needed with additional/complementary requirements (General Data Protection Regulation, NIS directive…) CEN and CENELEC have recently established CEN-CLC/TC 13 ‘Cybesecurity and data protection’. Is aims is to develop standards for data protection, information protection and security techniques with specific focus on cybersecurity covering all concurrent aspects of the evolving information society, including: • Organizational frameworks and methodologies, including IT management systems • Data protection and privacy guidelines • Processes and products evaluation schemes • ICT security and physical security technical guidelines • Smart technology, objects • Distributed computing devices • Data services This Technical committee gathers more than 50 European experts on cybersecurity and data protection, most of them also members of the ISO/IEC/JTC 1/SC 27 ‘IT Security’. ENISA has been participating in the CEN-CLC Focus Group on Cybersecurity for there years now and expressed willingness to support the standardization process of the new TC 13. CEN and CENELEC urge the EC to effectively apply Regulation 1025/2012 when defining the requirements for ICT products and services that might be subject to certification, namely to mandate this TC (and ETSI TC CYBER) to effectively contribute to the discussions on the requirements that ICT products and services should comply with when being placed on the market.. European and global. Developing certification schemes following the established standardization process as defined by Regulation 1025/2012 will foster stakeholders’ commitment, the link between European and international standards as well as coherent national implementations of European cybersecurity requirements to ensure the technical consistency of the Single Market. Our CEN –CLC/TC 13 has also a specific objective, namely the assessment of existing international standards adopted as European standards. This discussion will start on 14 February at the next TC meeting and we will have some proposals on standards to be adopted in European and additional/complementary requirements to help industry meet the new requirements under General Data Protection Regulation and NIS Directive before the end of the year. We strongly fear that current proposal might lead to the establishment of a new parallel system to the officially recognized standardization system which will hamper the take-up of new solutions and technologies rather than increase trust or security of product and services.

6 Market impact of standardization
CEN and CENELEC collaborate closely with ISO/IEC JTC 1/SC 27 ‘IT Security’ to ensure alignment of international and European Standards. 10 identical standards are in place:

7 Next steps Join us for the ESO-ENISA Workshop on the role of standards in support of the implementation of the CybersecurityAct 13 February 2018 at Marriott Hotel

Download ppt "The Role of European Standards in Support of the Cybersecurity Act"

Similar presentations

1ISO policy on global relevance MAS/PGR Jannuary 2006 ISO Policy on global relevance.

1ISO policy on global relevance MAS/PGR Jannuary 2006 ISO Policy on global relevance.
23 November 2011 Strengthening the consumer voice in the development of standards Raising Standards for Consumers 1 IMCO public hearing – 23 November 2011.

23 November 2011 Strengthening the consumer voice in the development of standards Raising Standards for Consumers 1 IMCO public hearing – 23 November 2011.
Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.

Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.
1 European Standardisation and the Identification of ICT Technical Specifications 13th XBRL Europe Day Rome, 6 May 2014 Antonio Conte, Project Manager.

1 European Standardisation and the Identification of ICT Technical Specifications 13th XBRL Europe Day Rome, 6 May 2014 Antonio Conte, Project Manager.
European Initiatives in the Standardisation and e-Business Domains Antonio Conte European Commission – DG Enterprise and Industry Unit D3 “ICT for Competitiveness.

European Initiatives in the Standardisation and e-Business Domains Antonio Conte European Commission – DG Enterprise and Industry Unit D3 “ICT for Competitiveness.
The Regulation on European Standardisation

The Regulation on European Standardisation
European Commission EUROPEAN STANDARDISATION IN SUPPORT OF EUROPEAN POLICIES AND LEGISLATION Norbert ANSELMANN Head of.

European Commission EUROPEAN STANDARDISATION IN SUPPORT OF EUROPEAN POLICIES AND LEGISLATION Norbert ANSELMANN Head of.
Regulation (EC) No. 765/2008 on accreditation and market surveillance

Regulation (EC) No. 765/2008 on accreditation and market surveillance
Budapest May, 2001 Anne Lehouck European Commission, DG ENTERPRISE 1 ELECTRONIC SIGNATURE LEGAL FRAMEWORK & STANDARDISATION.

Budapest May, 2001 Anne Lehouck European Commission, DG ENTERPRISE 1 ELECTRONIC SIGNATURE LEGAL FRAMEWORK & STANDARDISATION.
Using and referencing ISO and IEC standards to support public policy.

Using and referencing ISO and IEC standards to support public policy.
ITU-T Forum Geneva, 13 October 2014 Monica Ibido,

ITU-T Forum Geneva, 13 October 2014 Monica Ibido,
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
1 ANSI Conference on U.S. Leadership in ISO and IEC Presented by Mr. Steven P. Cornish Director, International Policy American National Standards Institute.

1 ANSI Conference on U.S. Leadership in ISO and IEC Presented by Mr. Steven P. Cornish Director, International Policy American National Standards Institute.
| 1 Guido de Wilt DG TREN D4 EUROPEAN POLICY REGARDING MICRO-CHP EUROPEAN COMMISSION.

| 1 Guido de Wilt DG TREN D4 EUROPEAN POLICY REGARDING MICRO-CHP EUROPEAN COMMISSION.
Standards and innovation What is a standard? How do standards promote innovation? What is the role of governments and the UN?

Standards and innovation What is a standard? How do standards promote innovation? What is the role of governments and the UN?
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.
European Commission Rita L’ABBATE Legal aspects linked to internal market DG Enterprise and Industry MARKET SURVEILLANCE COMMUNITY FRAMEWORK UNECE “MARS”

European Commission Rita L’ABBATE Legal aspects linked to internal market DG Enterprise and Industry MARKET SURVEILLANCE COMMUNITY FRAMEWORK UNECE “MARS”
JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.

JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.
Standardization system in the European Union Werner STERK Federal Ministry of Economics and Technology Unit “Standardization, Conformity Assessment, Metrology”

Standardization system in the European Union Werner STERK Federal Ministry of Economics and Technology Unit “Standardization, Conformity Assessment, Metrology”

Similar presentations

Ads by Google