On 20 November, ENISA hosted the conference ‘Towards the EU Cybersecurity Certification Framework’ in Brussels.
This conference, which attracted an impressive line-up of experts from both the public and private sector, was a follow-up on the European Commission's proposal for a European cybersecurity certification framework under the Cybersecurity Act (CSA) Proposal and the previous ENISA conference organized on March 1st 2018 in Brussels.
Steve Purser, Head of the Core Operations Department at ENISA gave an initial welcoming speech in which he stressed the fact that ENISA has been preparing for its newly acquired role on the new Cybersecurity Certification Framework and will start work in earnest as soon as the CSA is adopted. On this note, he pointed out that the Agency would soon be publishing vacancy notices for key staff experts in this new area. He mentioned that the preparatory work with the stakeholder communities to prepare them for contributing to the first schemes has been very successful and ENISA believe that the majority of these communities are also up-to-speed and prepared to contribute.
The ability of ENISA to understand the cybersecurity certification ecosystem has been singled out as the key takeaway message from this conference. Public authorities involved are already preparing for the transition to the new framework in an effort to encapsulate important European experience in the area of information security certification to the new EU cybersecurity certification framework. Significant vertical areas likely to benefit from the new framework include Cloud Computing and IoT as the European Commission is responding to apparent industry demand. While there is plenty of work ahead for the industry, CABs and public authorities, an air of optimism prevailed in the end of the conference about the ability of the EU to reign technology challenges by means of the certification framework.
Udo Helmbrecht, Executive Director for the Agency closed the meeting by noting that the proposed Cybersecurity Certification Framework is a unique opportunity for the EU and assuring all present that ENISA was fully up to speed with its preparations and was ‘ready to go’. In this sense, ENISA is looking forward to the conclusion of the legislative process on the Cyber Security Act, which will provide the ‘green light’ that the Agency requires in order to assist in the scope of the framework.