Cybersecurity Certification: breaking new ground


This year the European Union Agency for Cybersecurity (ENISA) has returned with its recurrent Cybersecurity Certification Conference.

The conference focused on the future of certification and on how the upcoming voluntary certification schemes will be further developed and implemented as part of the EU’s certification approach. Throughout the week, hybrid meetings of dedicated Ad-Hoc Working Group (AHWG) plenaries were also organised on the sidelines of the conference.

Cybersecurity threats are on the rise. An ever-growing online presence, the transitioning of infrastructures to cloud-based solutions, advanced interconnectivity and the exploitation of new features of emerging technologies have led to the growth of the cybersecurity landscape under the pressure of increasingly sophisticated attacks.

To secure network and information systems, cybersecurity solutions have been broadly available on the market, albeit at varying levels of performance and trust.

The EU cybersecurity certification framework aims to establish and maintain trust and security in Information and Communications Technology (ICT) products, ICT services and ICT processes. Therefore, the drivers for cybersecurity certification in the EU go beyond cybersecurity requirements. They address imbalances in the market and touch upon socio-economic aspects such as users’ trust, the duty of care of a manufacturer or provider and prevention of cybersecurity failure to protect market reputation.

In this context, on 2-3 June, the European Union Agency for Cybersecurity (ENISA) delivered the 2022 edition of its Cybersecurity Certification Conference. The conference attracted about 1000 registrations and brought on stage cybersecurity experts, service providers, conformity assessment and supervisory bodies, and national authorities. Together, they looked at the future of certification, with forward-looking exchanges about new technologies and about the ability to integrate certification into the development cycle of ICT solutions. This led to fruitful discussions, debates, panels and presentations on a number of trending topics around cybersecurity certification.

The conference was opened by ENISA’s Executive Director Juhan Lepassaar, who underscored the role of public authorities in cybersecurity certification along the lines of digital sovereignty and trust. Keynote speeches were delivered by representatives of cyber agencies ANSSI (France), NUKIB (Czech Republic), BSI (Germany), the European Commission and CEN-CENELEC.

The conference content was delivered through dedicated panel discussions, which focused on the implementation of national strategies across the EU and provided updates on the ongoing development of the cybersecurity certification schemes, on aspects of the cybersecurity market and on the applicable methodologies to support the certification schemes. Finally, the future of certification was addressed.

The main takeaways

The first part of the week was dedicated to Ad-Hoc Working Group (AHWG) plenaries on Common Criteria (EUCC), Cloud Services (EUCS), 5G and Cybersecurity Market, which were held in person in Athens, with the possibility to attend online.

- Ad-Hoc Working Group on Common Criteria (EUCC)

The plenary session for the EUCC Ad-Hoc Working Group included a presentation and an open dialogue on the results of the pilot evaluations carried out by dedicated contributors.

The focus of the discussions was on the maintenance process of the future certification scheme and on how to leverage the existing SOG-IS agreement and other support documentation available at Member States level.

- Ad-Hoc Working Group on Cloud services (EUCS)

The Cloud services Ad-Hoc Working Group continued on aspects concerning guidance related to the scheme implementation.

- Ad-Hoc Working Group (AHWG) on EU 5G

The first plenary session of the recently launched Ad-Hoc Working Group for the EU 5G sought to consolidate the risk assessment and the analysis of the NESAS and SAS specifications of GSMA.

- Ad-Hoc Working Group on the Cybersecurity Market

The Ad-Hoc Working Group on the Cybersecurity Market focused on the market analysis framework as it applies to the market for cloud services.

Target audience of the ENISA Cybersecurity Certification Conference

  • Experts from public authorities that are competent for cybersecurity certification and market.
  • European Institutions with a competence or interest in cybersecurity.
  • Conformity Assessment Bodies, Cybersecurity evaluators and auditors.
  • Business and the industry sector.
  • Researchers and the academic community.

Awareness Campaign on certification dedicated to the Conformity Assessment Bodies (CABs)

Following up on its effort to explain EU cybersecurity certification in a series of animated videos, ENISA’s Awareness Raising and Education Team proposes a second awareness raising campaign with a short video clip. Targeting IT consumers more broadly, the clip aims at explaining the European Cybersecurity Certification Framework.

Next steps

The next “Cybersecurity Market Conference” can be pencilled into your calendars for November in Brussels.

Contact

For questions related to the press and interviews, please contact press(at)enisa.europa.eu