GlobalPlatform calls for global alignment on cybersecurity levels
New analysis highlights misalignment between European Union Cybersecurity Certification Scheme security levels and established approaches, creating confusion and fragmentation
GlobalPlatform, the standard for secure digital services and devices, has released a new whitepaper highlighting the potentially confusing implementation of security levels in the EU Cybersecurity Certification Scheme (EUCC) proposed by the European Union Agency for Cybersecurity (ENISA) as part of the Cyber Security Act (CSA).
“Businesses and citizens need clarity and confidence to adopt technology. If a device is certified as highly secure, that achievement should equate to the robustness of the device’s security and the functionality it can support. In differing from well-established security levels used in industry, the EUCC has introduced confusion and disturbed ecosystems founded on existing security schemes,” comments Olivier Van Nieuwenhuyze, Chair of the GlobalPlatform Security Task Force.
Highlighting misalignment in security levels
In its analysis, GlobalPlatform commends the European Union for taking a proactive approach to cybersecurity certification, particularly in light of today’s threat landscape, before asserting that the EUCC approach may ultimately undermine confidence in product security while increasing ecosystem fragmentation and consumer confusion.
According to the EUCC’s current framework, only public schemes operated by national bodies can certify that a product meets the highest level of cybersecurity. By extension, certifications from established security certification schemes—such as those managed by GlobalPlatform, and other industry organizations, which represent today’s best practices for cybersecurity across many different industries—can only be recognized as ‘substantial’ under the EUCC. This approach confuses robustness with assurance, highlighting to end users that the entity that certified the device is more important than the robustness of the device’s security.
“Fundamentally, end users must have accurate information to make educated choices. For a time, only security experts will be able to understand the security robustness of a product. If a product does not meet the expectations of end users, brands may be exposed and damaged,” adds Olivier.
Calling for collaboration
The paper calls for greater collaboration between public and private certification schemes, and increased emphasis on input from the industry, to ensure cybersecurity certification schemes are transparent, aligned with industry, and accessible to the end user.
“The EU CSA, ENISA and the EUCC has a fundamental role to play in the future of cybersecurity on both the European and global stages. Alignment with existing cybersecurity initiatives and security levels will help the ecosystem demonstrate the capabilities of products, foster confidence and adoption, and provide greater end-to-end security, privacy, simplicity and convenience for everyone,” adds Gil Bernabeu, Technical Director of GlobalPlatform.
Read the white paper here.
Watch this video to learn more: youtube.com/watch?v=L9TRKSgDueg
For further media information, please contact Alistair Cochrane:
email@example.com / +44 (0) 113 350 1922
GlobalPlatform is a technical standards organization that enables the efficient launch and management of innovative, secure-by-design digital services and devices, which deliver end-to-end security, privacy, simplicity and convenience to users. It achieves this by providing standardized technologies and certifications that empower technology and service providers to develop, certify, deploy and manage digital services and devices in line with their business, security, regulatory and data protection needs. Key offerings include secure component specifications; the Device Trust Architecture for accessing secure services within a device; the IoTopia Framework for secure launch and management of connected devices; and the SESIP Methodology for IoT device certification.
GlobalPlatform technologies are used in billions of smart cards, smartphones, wearables and other connected and IoT devices to enable convenient and trusted digital services across market sectors, including healthcare, government and enterprise ID, payments, smart cities, industrial automation, smart home, telecoms, transportation, utilities, and OEMs.
GlobalPlatform standardized technologies and certifications are developed through effective industry-driven collaboration, led by multiple diverse member companies working in partnership with industry and regulatory bodies and other interested parties from around the world.