Contributing to the development of the EU Cybersecurity Policies
A few days ago, the International Conference on the Eu Cybersecurity Act (EUCA) was held in Brussels, we were really looking forward to returning to face-to-face events. EUCA has been created to support the discussion among all the stakeholders in a key topic for the community: The EU Cybersecurity Act. One more year, it was attended by top-level speakers who addressed different areas such as IOT Challenges, cloud and GDPR Frameworks or innovations in assurance and standards, among others.
jtsec offered three talks and participated in a panel discussion
Our presence was quite notable this year, as we had three talks in the programme and we took part in a panel discussion, which are described below:
Cross Standard and Scheme Composition—A Needed Cornerstone for the European Cybersecurity Certification Framework: José Ruiz, CTO at jtsec, together with Georg Stütz, Security Certification Expert, NXP Semiconductors, conducted this talk which highlights the importance of the acceptance of certification and standard compliance results across different schemes or security standards. Some examples were showed from the developer and the lab perspectives.
ISO/IEC TS 9565 Towards Creating an Extension for Patch Management for ISO/IEC 15408 and ISO/IEC 18045: Javier Tallón, Technical Director at jtsec, together with Sebastian Frisch, Head of Laboratory at Secuvera, both co-editors of the ISO/IEC TS 9565 offered this session explaining the current status and news of the ISO Technical Specification, and explain how it address the patch management problem taking into account the Cyber Security Act requirements.
Lets Harmonize Labs Competence: ISO 19896: Finally, Javier Tallón carried out this conference regarding how critical is the harmonization on the competence of the different labs/evaluators. Among other topics to be addressed during the talk was how EUCC, the first European cybersecurity scheme for ICT products, will cover the requirements of this ISO and other related standards.
Panel Discussion: Differences Between Lightweight Certification Schemes in Europe. Will FITCEM be the solution? Discussing with top notch experts is always a joy, outstanding professionals like Helge Kreutzmann, Senior Expert, Bundesamt für Sicherheit in der Informationstechnik, Germany, Philippe Magnabosco, Policy Advisor for External Standards, ANSSI, France; Maria Christofi, ITSEF COO, Oppida, France; Pablo Franco, Head of Certification Body, CCN, Spain The panel discussed the potential impact that FITCEM will have both technically and in terms of the European market to the different stakeholders (manufacturers, laboratories, certification bodies, institutional agencies, etc.). The panelists shared their experience with the lightweight/Fixed-Time methodologies.
Looking forward to the next edition
We would like to thank the organizers for their good work and we hope that next year it will as interesting as this one. Looking forward for the next edition.