Europe strives to standardise cybersecurity

The EU Network and Information Security Agency (ENISA) has joined forces with the semiconductor industry in a bid to improve the continent’s cybersecurity.

As ever region-wide initiatives such as this tend to be glacial affairs, but this announcement comes at a time when both cyber and physical security are especially prominent topics. The aims of the collaboration are summarised in a position paper, which focuses on four main areas: standardisation and certification, security processes and services, security requirements and implementation, and the economic dimensions.

The main European semiconductor partners are Infineon, NXP and ST Microelectronics. While the recent ransomware epidemic illustrated the vulnerability of legacy IT systems, this initiative seems to be designed more to address emerging security issues, especially around IoT. The exposure of massive organisations such as the NHS in the UK served to illustrate just how much more vulnerable we could all be when a zillion more devices are connected to the network.

The highest set of priorities are around standardisation including baseline requirements for IoT security and privacy that cover the essentials for trust, for example: rules for authentication/authorization, which should set mandatory reference levels for trusted IoT solutions. The other area considered to be highest priority is interoperability, which should be facilitated by standardisation.

“Trusted solutions and a common defined level for the security and privacy of connected and smart devices is both recommended and needed, to allow Europe to reap the benefits of soon to become ubiquitous technologies, said ENISA’s Executive Director Udo Helmbrecht. “As such, standardisation and certification have been identified as a priority, to accelerate the level playing field for the entire industry and reflect the trust of citizens, consumers and businesses in the connected environment”.

“This initiative will increase the much-needed awareness for security in IoT devices and organize a collective effort to establish important standards to help deliver it, which will ultimately bring big benefits to consumers and businesses,” said Marie-France Florentin GM of Secure Microcontroller Division at STMicroelectronics.

Not many companies put security at the top of their investment wish list as it’s rarely revenue-generating, but every time an organisation loses significant sums of money due to a cyber-attack that position is compromised. If we’re going to move the control of everything from devices to the network into the cloud, security needs to be improved considerably.