ENISA publishes a new report on the importance of standards in the area of electronic identification and trust services providers.
A number of challenges are associated with the definition and deployment of standards in the area of cyber security. These include the lack of agility of standards, which do not evolve at a pace comparable with the IT landscape, competing sets of standards, economic considerations (such as lock-in), lack of awareness, and organisational challenges.
Currently in cyber security there is no single, consistent “line of standards”. Some areas are considered over-standardised while others lack compliance (i.e. within privacy and data protection legislation). Within the private sector, standardisation tends to be in line with the core interests of product developers or service providers. Aligning public sector goals with standardisation priorities of the private sector remains a challenge, with a number of EU governments promoting their broader adoption and use.
ENISA’s report identifies alternatives and high-level strategic options for recommendations on security standards. Additionally, it explains the importance of taking advantage of EU-funded R&D programmes (H2020) by launching flagship projects and initiatives with clear standardisation objectives.
The paper gives an inventory and overview of concrete standardisation activities associated with the electronic IDs and trust service providers (eIDAS) regulation. It concludes with a proposal of a reviewed standard on cryptographic suites for electronic signatures and infrastructures.
For the full report: Standardisation in the field of Electronic Identities and Trust Service Providers
Background:
Key EU initiatives within the area include the EU’s Cybersecurity Strategy, which provides a harmonised framework for the evolution of different aspects of cyber security and includes a proposal for a Directive on Network and Information Security (NIS). Within this framework, the Cyber Security Coordination Group establishes a European standardisation roadmap and acts as the main contact point for all questions by EU institutions, while it proposes to the Commission a cooperation strategy between the EU and the US.