European Standardization Organizations discuss role of standards in support of EU Cybersecurity Strategy with Commission Vice-President Neelie Kroes

Sophia Antipolis, 3 April 2014

A high-level delegation from the European Standardization Organizations (ESOs) – CEN, CENELEC and ETSI – met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014). During this meeting, the representatives from the three ESOs presented their latest proposals regarding how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy.

The meeting with European Commission Vice-President Neelie Kroes was attended by representatives of the European Standardization Organizations (ESOs):

  • Friedrich Smaxwil – CEN President
  • Elena Santiago Cid – Director General of CEN and CENELEC
  • Dirk Weiler – Chairman of the ETSI General Assembly
  • Christian Ehler – Member of the European Parliament and Chair of the CEN-CENELEC-ETSI Cybersecurity Coordination Group (CSCG)
  • Torsten Bahke – Chairman of the Executive Board of DIN (German Institute for Standardization), which is a CEN Member and provides the secretariat of the CSCG

Also participating in the discussion were Stephan Lechner, Director of the Institute for the Protection and Security of the Citizen (IPSC), which is part of the European Commission’s Joint Research Centre (JRC), and senior officials from ENISA (the EU Agency for Network and Information Security) and the European Commission (DG Connect).

The main purpose of the meeting was to discuss how the three ESOs can contribute towards the successful implementation of the EU Cybersecurity Strategy, which was published by the European Commission last year. The ESO representatives presented a series of recommendations prepared by the CEN-CENELEC-ETSI Cybersecurity Coordination Group (CSCG), which was set up by the ESOs to provide advice on strategic matters related to IT security, Network and Information Security (NIS) and cybersecurity.

The CSCG’s recommendations underline the importance of cybersecurity standardization for the protection of personal data and other important information, as well as the benefits of harmonized cybersecurity standards in terms of completing the European Single Market and unlocking business potential. In order to address these objectives, the ESOs are calling for a coherent framework for the governance of cybersecurity standardization, within the context of EU Regulation 1025/2012 on European standardization.

According to the ESOs, there is a need to establish a clear and common understanding of the scope of cybersecurity, and to clarify and define the terminology used to describe various aspects and concepts related to cybersecurity. There is also a need to develop standards that will ensure the protection of personal data and inspire public confidence by creating a trustworthy digital environment for European citizens and consumers.

During their meeting, Vice-President Kroes agreed with the ESO representatives that Europe should continue to play a leading role in the development of standards related to cybersecurity. Vice-President Kroes was supportive of the ESOs’ ongoing efforts to work with the ICT industry and take the interests of citizens and consumers into account. She emphasized the importance of effective coordination among the ESOs, and also with business associations and other actors through the European Multi-Stakeholder Platform on ICT Standardization, which includes representatives of the ESOs alongside other relevant stakeholders.

Following the meeting, Dr Christian Ehler MEP (Chair of the CSCG), stated:
"With these recommendations, the CSCG encourages the European institutions to establish a global lead in cybersecurity standardization. The protection of personal data is one of the core values of the European Union. We urge that the necessary steps be taken to make the European online environment the safest in the world, as demanded by the EU's Cybersecurity Strategy."

Friedrich Smaxwil (CEN President) emphasized the role of the ESOs:
"In CEN and CENELEC we are ready to play our part in supporting the successful implementation of the EU Cybersecurity Strategy. This includes finding out what businesses and consumers need and expect from standards, and reinforcing the links between research and standardization. We will continue to collaborate with the EU institutions, including ENISA and the JRC, as well as with ETSI and the international standardization organizations."

Dirk Weiler (Chairman of the ETSI General Assembly) added:
"ETSI has just launched a Technical Committee for Cybersecurity to support the EU strategy, meet industry needs for more security standardization and address citizens’ privacy concerns. Today most businesses in Europe rely heavily on internet and online communications, whether internally or with their customers, suppliers or partners. Cybersecurity and data protection have become strategic issues for companies with an impact on their competitiveness, performance and reputation. ETSI continues its very successful security standardization work in various Technical Committees, including the Security Algorithms Group of Experts (SAGE) and the 3rd Generation Partnership Project’s security group, as well as cooperation with relevant other standards development organizations like IETF."

Notes
'Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace' was published on 7 February 2013 by the European Commission and the EU High Representative for Foreign Affairs and Security Policy. The strategy articulates the EU's vision of cyber-security in terms of five priorities: achieving cyber resilience; drastically reducing cybercrime; developing cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP); developing the industrial and technological resources for cyber-security; establishing a coherent international cyberspace policy for the EU and promoting core EU values. 

For more information about the EU Cybersecurity Strategy, please see the website of the European Commission (Digital Agenda): http://ec.europa.eu/digital-agenda/en/cybersecurity

The European Multi-Stakeholder Platform on ICT Standardization was set up by the European Commission and includes representatives of the ESOs alongside other relevant stakeholders.
See: http://ec.europa.eu/digital-agenda/en/european-multi-stakeholder-platform-ict-standardisation

The Rolling Plan on ICT Standardization provides a multi-annual overview of the needs for ICT-related standardization activities to be undertaken in support of EU policies.
See: http://ec.europa.eu/enterprise/sectors/ict/standards/work-programme/index_en.htm

The CEN-CENELEC-ETSI Cybersecurity Coordination Group (CSCG) was set up in 2011. The CSCG gives advice to the technical boards of CEN, CENELEC and ETSI on strategic matters related to IT security, Network and Information Security (NIS) and cybersecurity. The CSCG works in close cooperation with overseas partners (notably in the USA), with the EU institutions (including ENISA - the European Union Agency for Network and Information Security), and with the international standardization organizations (ISO and IEC).

The CSCG is chaired by Dr Christian Ehler (Member of the European Parliament). The secretariat is provided by DIN (Deutsches Institut für Normung / German Institute for Standardization).

The CSCG has developed a document (White Paper) with proposals addressed to the European Commission. The CSCG White Paper 'Recommendations for a Strategy on European Cybersecurity Standardization' is available on the CEN-CENELEC website.
See: www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Pages/default.aspx

ETSI published its latest White Paper on standards related to ICT security in January 2014.
See: www.etsi.org/news-events/news/740-2014-01-press-release-on-security-white-paper

ETSI has decided to establish a new Technical Committee that will develop standards in relation to cybersecurity. The first meeting of ETSI TC CYBER will be held on 27-28 May 2014.
See: www.etsi.org/news-events/news/769-2014-03-etsi-to-develop-european-standards-for-cybersecurity

Several standards relating to information security have already been developed by recognized standardization organizations. These include the ISO/IEC 27000 series of standards for information security management, which have been adopted and published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
See: www.iso.org/iso/home/standards/management-standards/iso27001.htm

CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization) are organizations that develop and adopt European standards in relation to a wide range of materials, products, services and processes.
The members of CEN and CENELEC are the National Standards Bodies and National Electrotechnical Committees of 33 European countries including all 28 EU Member States plus 3 EFTA countries (Iceland, Norway and Switzerland) and 2 EU candidate countries (Turkey and the former Yugoslav Republic of Macedonia). European Standards (ENs) that have been adopted by CEN and CENELEC are accepted and recognized in all of these countries.

CEN and CENELEC collaborate with the international standardization organizations ISO and IEC.

For more information about CEN and CENELEC, please see: www.cencenelec.eu

ETSI produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, aeronautical, broadcast and internet technologies. ETSI is an independent, not-for-profit association whose more than 700 member companies and organizations, drawn from 63 countries across 5 continents worldwide, determine its work programme and participate directly in its work.

For more information about ETSI, please see: www.etsi.org

CEN, CENELEC and ETSI are officially recognized by the European Union as European Standardization Organizations, as defined by EU Regulation 1025/2012.

European Standards facilitate cross-border trade and strengthen the European Single Market. They enable businesses and other organizations to ensure quality and performance, to protect health and safety, and (in certain cases) to comply with relevant regulations.

Contact ETSI:
Claire Boyer
Tel: +33 (0)4 92 94 43 35
Mobile: +33 (0)6 87 60 84 40
Email: claire.boyer@etsi.org
Twitter: @ETSI_STANDARDS