ENISA’s Executive Director, Udo Helmbrecht, is participating in the 19th Security Conference on Telecommunications and IT Security in Warsaw on the 14th and 15th October 2015, at the Copernicus Science Centre, Warszawa. ENISA is proud to be an honorary patron of this year’s event.
On day two of the conference, Prof Helmbrecht spoke about cybersecurity standards, giving an insight from the EU perspective. The subject area is continuously under the microscope as the community tries to define the term ‘cybersecurity’ and what is expected from the definition of ‘cybersecurity standards’ (classification, who participates, how).
Udo Helmbrecht explained the objectives towards a coordinated approach to standardisation based on consensus and approved in a recognised body. The sector’s status, the current regulation and ENISA’s role in the process for standardising cybersecurity were presented.
ENISA’s role in cybersecurity standards in the EU
The aim of the Agency is to promote best practices through Standards Developing Organisations (SDOs) and to act as an interface between them and the public and private sector. The goal is, on the one hand, to establish a formal and working collaboration with SDOs and related working groups and, on the other, to review and include standards in the NIS activities and formulate proposals for standards.
ENISA acts as a liaison with ISO SC27, is an active member of CSCG, has MoUs with ETSI and CEN/CENELEC, and is in the process of establishing an MoU with ITU, while it aligns key activities of its own with the work of SDOs in the areas of smart grids, privacy and cloud certification. In 2015 the Agency is elaborating studies which:
- will contribute to a more concrete definition of cybersecurity and identify gaps and overlaps, areas covered, and organisations involved in the standardisation process
- present the current governance framework of EU standardisation, finding ways to align policy, industry and research
- promote security and privacy standardisation for the SME community, by listing existing ICT S&P standards that can be used by SMEs, giving recommendations to increase their adoption, and reporting the status of standardisation for SMEs.
“The challenge we face is lack of a consistent strategy towards standards. Shortcomings of the current approach are well recognised. At the EU level we need to improve coordination between EU funded Research and Development (R&D) and Standards Developing Organisations (SDOs). As drivers of such coordination existing initiatives could be used, such as ‘Horizon 2020’ and the ETSI/CEN/CENELEC Cybersecurity Coordination Group. A concrete strategy for the ‘European Standardisation Organisations’ (ESOs) is an insisting need,” said Udo Helmbrecht. “I am happy that today we are patrons of this event and I hope in the near future we will have substantial actions taking place which will decipher the sector and see the tangible results of everyone’s efforts to standardising EU cybersecurity.”
Follow the event @securepl
Background: The conference presented state-of-the-art solutions, analysis of the current threats, latest trends in ICT security as well as important legal issues. Participants have a unique opportunity to gain the latest knowledge, improve their qualifications and exchange experience with experts (source: Secure 2015).
For more on the subject and interviews please contact press@enisa.europa.eu, Tel. 2814 409576
October is Cyber Security Month! Follow #CyberSecMonth #ENISA
Visit: www.cybersecuritymonth.eu