EU must continue to guarantee highest hardware resistance levels to cyberattacks

Written by Stéfane Mouille on 4 June 2018 in Thought Leader
Thought Leader

Europe must continue to guarantee the highest hardware resistance levels to cyberattacks, says Stéfane Mouille.

Europe’s leadership in digital security was established thanks to the unique expertise and knowledge developed in the Senior Officials Group - Information Security Systems Mutual Recognition Agreement (SOG-IS MRA) certification scheme which has now been operational for more than 25 years. 

EU policymakers - as they debate the details of the so-called Cybersecurity package - are currently looking at how Europe can combat cybersecurity attacks. Europe is the undisputed worldwide leader in guaranteeing the highest resistance levels to potential attacks, thanks to the unique expertise and knowledge developed under the SOG-IS MRA certification scheme.

The scheme has a long and proud history and its principles are based on several key factors, such as the ability of security evaluation laboratories to perform ethical hacking and penetration testing while evaluating products, services or solutions.


RELATED CONTENT


Security evaluation laboratories also share a uniform level of evaluation, thanks to peer-reviews performed by EU member states’ national security agencies. Mutual certification recognition among all SOG-IS MRA members is also key.

Originally created by Eurosmart, the JHAS ethical hacking group is renowned for its expertise, intelligence and strong savoir faire. It is now the worldwide reference for blue chip companies such as Qualcomm, Visa, MasterCard, Samsung… and of course all the Eurosmart members.

We also have a successful track record in developing this unique European expertise. Prestigious organisations such as Nato, DHS, SWIFT, Visa, MasterCard, Microsoft, high-end smartphone manufacturers, Audi, Mercedes, Barclays, Airbus and Google all use Eurosmart technologies certified in Europe through the SOG-IS MRA certification scheme.

As President of Eurosmart, I want to reiterate the need to protect Europe through cybersecurity and to restate our five outcome-based principles. 

First, clear legal definitions of essential terms referring to IT and security ecosystems. 

Second, fair and open European governance during the preparation phase of candidate European certification schemes. 

Third, a well-defined European certification objective that is appropriate for each level of certification. Above all, EU co-legislators should ensure that the ‘substantial’ and ‘high’ levels require mandatory Ethical Hacking testing (Penetration testing) by Conformity Assessment bodies (CABs) during evaluation. 

Fourth, European standards must be the basis for the preparation of a new candidate European certification scheme. 

Last, the EU Agency for Network and Information Security’s, (ENISA) ‘Intellectual Property Rights (IPR policy) should be spelled out in the cybersecurity act.

We urge the European Parliament, Commission, and Council to introduce the SOG-IS MRA certification schemes into the initial text - as an appendix to the Cybersecurity act regulation - to avoid any risk of disruption in European excellence and to make ethical hacking mandatory during substantial and high-level evaluations.

Download the new Eurosmart policy paper, 'Cybersecurity Act: Ethical hacking does matter!'

About the author

Stéfane Mouille is President of Eurosmart the European digital security industry association

Share this page

Tags

Categories

Partner content

This content is published by the Parliament Magazine on behalf of our partners.

Related Partner Content

Individuals make innovation a reality
26 November 2018

Making innovation happen is more than just a motto for the EIT, writes Dirk Jan van den Berg.

e-labelling: A low-hanging fruit
21 August 2018

Manufacturers should be allowed to display compliance information electronically instead of printing the label on products, argues Cecilia Bonefeld-Dahl

A square peg into a round hole
27 November 2018

Europe’s cloud infrastructure providers support the EU’s intentions to crack down on online terrorist content, however policymakers are targeting the wrong players, explains Alban Schmutz.