GlobalPlatform calls for global alignment on cybersecurity levels

September 2022 by GlobalPlatform

GlobalPlatform has released a new whitepaper highlighting the potentially confusing implementation of security levels in the EU Cybersecurity Certification Scheme (EUCC) proposed by the European Union Agency for Cybersecurity (ENISA) as part of the Cyber Security Act (CSA).

“Businesses and citizens need clarity and confidence to adopt technology. If a device is certified as highly secure, that achievement should equate to the robustness of the device’s security and the functionality it can support. In differing from well-established security levels used in industry, the EUCC has introduced confusion and disturbed ecosystems founded on existing security schemes,” comments Olivier Van Nieuwenhuyze, Chair of the GlobalPlatform Security Task Force.

Highlighting misalignment in security levels

In its analysis, GlobalPlatform commends the European Union for taking a proactive approach to cybersecurity certification, particularly in light of today’s threat landscape, before asserting that the EUCC approach may ultimately undermine confidence in product security while increasing ecosystem fragmentation and consumer confusion.

According to the EUCC’s current framework, only public schemes operated by national bodies can certify that a product meets the highest level of cybersecurity. By extension, certifications from established security certification schemes—such as those managed by GlobalPlatform, and other industry organizations, which represent today’s best practices for cybersecurity across many different industries—can only be recognized as ‘substantial’ under the EUCC. This approach confuses robustness with assurance, highlighting to end users that the entity that certified the device is more important than the robustness of the device’s security.

“Fundamentally, end users must have accurate information to make educated choices. For a time, only security experts will be able to understand the security robustness of a product. If a product does not meet the expectations of end users, brands may be exposed and damaged,” adds Olivier.

Calling for collaboration

The paper calls for greater collaboration between public and private certification schemes, and increased emphasis on input from the industry, to ensure cybersecurity certification schemes are transparent, aligned with industry, and accessible to the end user.

“The EU CSA, ENISA and the EUCC have a fundamental role to play in the future of cybersecurity on both the European and global stages. Alignment with existing cybersecurity initiatives and security levels will help the ecosystem demonstrate the capabilities of products, foster confidence and adoption, and provide greater end-to-end security, privacy, simplicity and convenience for everyone,” adds Gil Bernabeu, Technical Director of GlobalPlatform.

