ETSI releases cautionary statement on proposed EC Cybersecurity Act

February 09, 2018 // By Ally Winning
Global Information and Communications Technologies standards provider ETSI has released a cautionary position paper on the European Commission (EC) proposal of Cybersecurity Act (Regulation 2017/0225).

The EC published a proposal to the European Parliament and the Council on “ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology (ICT) cybersecurity certification ("Cybersecurity Act")" in September 2017.

The overall proposal is welcomed by ETSI with a note of caution and a request for further clarification. The standards body is in favour of the overall objective of the regulation, to “increase EU resilience, enhance its cybersecurity preparedness and avoid fragmentation of certification schemes in the EU”, but is wants more information on the details of the regulation.

ETIS wants a clarification of the concept and definitions of standards for certification and recommends that the relationship between standards and certification schemes is explicitly described in the draft regulation.

Further, ETSI would like the regulation to be used as a toolbox and the text changed to lay out a clear sequence of “requirements – standards – certification”, and the steps detailed for self-assessment of conformity with the specific requirements and standards.

ETSI also recommends that the regulation follows a risk management approach and lets market players define those levels, as well as replacing article 45 with higher level objectives – leaving technical issues to standards. Next, the standards body wants clarification of how the text would interact with existing certification schemes and a clear migration path from the current national or SOG-IS MRA certification scheme. Finally, ETSI recommends would like clarification and specification of the new missions granted to both ENISA and the European Commission.

http://www.etsi.org/images/files/ETSI_position_paper-CyberAct_20180206.pdf

 

See also: Top five cybersecurity challenges for 2018

See also: Fitness app could expose military bases

See also: Partnership to create decentralized blockchain-based cybersecurity consortium

See also: AI-Based cybersecurity technology delivers advanced threat protection

See also: AI and sensor data create behavioural biometrics to secure smartphones

See also: Tiny frequency comb enables optical encryption for IoT, fibre and cryptocurrencies


s