EU must continue to guarantee highest hardware resistance levels to cyberattacks
Europe must continue to guarantee the highest hardware resistance levels to cyberattacks, says Stéfane Mouille.
Europe’s leadership in digital security was established thanks to the unique expertise and knowledge developed in the Senior Officials Group - Information Security Systems Mutual Recognition Agreement (SOG-IS MRA) certification scheme which has now been operational for more than 25 years.
EU policymakers - as they debate the details of the so-called Cybersecurity package - are currently looking at how Europe can combat cybersecurity attacks. Europe is the undisputed worldwide leader in guaranteeing the highest resistance levels to potential attacks, thanks to the unique expertise and knowledge developed under the SOG-IS MRA certification scheme.
The scheme has a long and proud history and its principles are based on several key factors, such as the ability of security evaluation laboratories to perform ethical hacking and penetration testing while evaluating products, services or solutions.
Security evaluation laboratories also share a uniform level of evaluation, thanks to peer-reviews performed by EU member states’ national security agencies. Mutual certification recognition among all SOG-IS MRA members is also key.
Originally created by Eurosmart, the JHAS ethical hacking group is renowned for its expertise, intelligence and strong savoir-faire. It is now the worldwide reference for blue-chip companies such as Qualcomm, Visa, MasterCard, Samsung… and of course all the Eurosmart members.
We also have a successful track record in developing this unique European expertise. Prestigious organisations such as Nato, DHS, SWIFT, Visa, MasterCard, Microsoft, high-end smartphone manufacturers, Audi, Mercedes, Barclays, Airbus and Google all use Eurosmart technologies certified in Europe through the SOG-IS MRA certification scheme.
As President of Eurosmart, I want to reiterate the need to protect Europe through cybersecurity and to restate our five outcome-based principles.
First, clear legal definitions of essential terms referring to IT and security ecosystems.
Second, fair and open European governance during the preparation phase of candidate European certification schemes.
Third, a well-defined European certification objective that is appropriate for each level of certification. Above all, EU co-legislators should ensure that the ‘substantial’ and ‘high’ levels require mandatory Ethical Hacking testing (Penetration testing) by Conformity Assessment bodies (CABs) during evaluation.
Fourth, European standards must be the basis for the preparation of a new candidate European certification scheme.
Last, the EU Agency for Network and Information Security’s (ENISA) Intellectual Property Rights (IPR) policy should be spelled out in the cybersecurity act.
We urge the European Parliament, Commission, and Council to introduce the SOG-IS MRA certification schemes into the initial text - as an appendix to the Cybersecurity act regulation - to avoid any risk of disruption in European excellence and to make ethical hacking mandatory during substantial and high-level evaluations.
This content is published by the Parliament Magazine on behalf of our partners.