Brussels – 16 March 2022
On 15 March, the European Standards Organisations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise their 6th annual conference. The virtual conference focused on ‘European Standardization in support of the EU cybersecurity legislation’ and attracted over 900 attendees from the EU and from around the world.
The event opened with the European Standards Organisations, ENISA and the European Commission giving an overview of the EU cybersecurity standardisation landscape.
Wolfgang Niedziella, CENELEC President, said: “It is without doubt that European standardization plays a key role in cybersecurity: it helps strengthen Europe’s collective resilience against cyber-threats and ensure that all citizens and businesses can benefit from trustworthy and reliable products, services and processes. For this reason, CENELEC, together with CEN is committed to working together with ENISA and all relevant stakeholders to build a sustainable European cybersecurity standardization system that can support European interests and foster the uptake of cybersecurity solutions in the Single Market”.
Luis Jorge Romero, ETSI Director General, said: “The digital world shapes the present and the future of individuals, businesses, and administrations. For ETSI, developing standards that enable a sustainable and securely connected society has been at the heart of our work for more than 30 years now. The EU legislation and policy initiatives on cybersecurity reinforce our commitment to deliver the supporting standards. This event is the opportunity to have, once again, the EC, ENISA, and the ESOs working hand in hand for the benefit of the European society.”
Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity said: “In a world where digital tools and services have become our daily companions, standards help us make better decisions. They ensure safety, quality control and compatibility between products while simplifying the life of manufacturers. Therefore, ENISA is engaged to look at ways standards can also frame cybersecurity legislation to enhance consumers’ trust.”
The purpose of the conference was twofold. First of all, the event presented current developments in the area of cybersecurity standardization. It also fostered a dialogue among policy makers, industry, research, consumer associations, standardization and certification organisations, including all of those involved in the development of the ICT certification framework in Europe.
The conference was organised around four panels where ongoing standardization work and future requirements were discussed. Panellists expressed their views on how to support the revision of the NIS directive, the European Digital Identity (EUid) regulation for digital identity wallets, the AI Act and the data protection legislative framework.
The closing panel concluded on the need for closer collaboration between all stakeholders and outlined the strategic relevance of standards.
The European Union Agency for Cybersecurity seized the opportunity of the standardization conference to issue two new reports on standardization in support of cybersecurity policy. The first is an overview of existing standards in relation to risk management describing methodologies and tools used to meet standards’ requirements. The second report focuses on 5G cybersecurity and analyses standards contributing to the mitigation of technical and organisational risks in the 5G ecosystem. Both reports identify standardization gaps, and provide recommendations to enhance standards coverage in these areas, based on the needs of stakeholders.