ENISA works together with European semiconductor industry on key cybersecurity areas

The EU Agency for Network and Information security – ENISA – together with industry recently reached a common position on cybersecurity, that reflects the concerns of industry and provides a set of suggestions for policy makers. The paper focuses on four main areas actively debated at the EU level: standardisation and certification, security processes and services, security requirements and implementation, and the economic dimensions.

The paper identifies key challenges and recommendations identified for the European Commission to:

• define a policy framework for ensuring minimal security requirements for connected devices. The development of European security standards needs to become more efficient and/or adapted to new circumstances related to Internet of Things (IoT). Based on those requirements, a European scheme for certification and the development of an associated trust label should be evaluated.
• ensure that reliable security processes and services are being developed to support industry in implementing security features in their products (e.g. through providing information and training about state-of-the art security solutions).
• encourage the development of mandatory staged requirements for security and privacy in the IoT, including some minimal requirements. These common principles should be considered in future revisions and new legislative initiatives.
• create a level playing field for cybersecurity and look into incentives similar to the Digital Security Bonus in order to reward the use of good security practices.

ENISA’s Executive Director Udo Helmbrecht said: “Trusted solutions and a common defined level for the security and privacy of connected and smart devices is both recommended and needed, to allow Europe to reap the benefits of soon to become ubiquitous technologies. As such, standardisation and certification have been identified as a priority, to accelerate the level playing field for the entire industry and reflect the trust of citizens, consumers and businesses in the connected environment”.

“Pervasive connectivity over the Internet of Things means that security is becoming an important issue for just about all citizens – whether they be using a computing device, TV or washing machine. The European policy framework is set to define easy-to-use measures that will give industry the guidance it requires and consumers the transparency they need,” said Dr. Stefan Hofschen, Division President Chip Card & Security at Infineon Technologies. “On the product side, security solutions based on certified, hardware security trust anchors are already available today to serve the increasing security requirements.”

 “The growth in IoT and connected devices creates a tremendous amount of opportunity for businesses and consumers. How the industry comes together, agrees on common principles to address complex concerns like security, can break down the barriers of adoption and is key to fostering this market,” said Rüdiger Stroh, ‎Executive Vice President & General Manager of Security and Connectivity at NXP® Semiconductors. “Security and privacy by design, a proven approach that grew business streams for mobile phones, cars and wearable manufacturers, help build trust between businesses and consumers. Our vision is to help grow the IoT market and bring this quality of security to other IoT applications.”   

“This initiative will increase the much-needed awareness for security in IoT devices and organize a collective effort to establish important standards to help deliver it, which will ultimately bring big benefits to consumers and businesses,” said Marie-France Florentin Group Vice President & General Manager of Secure Microcontroller Division at STMicroelectronics. “With its long history and valuable expertise in embedded security, ST is in a strong position to make vital contributions to this key framework.”

The common position was developed by Infineon, NXP, and STMicroelectronics, supported by ENISA. The Agency aims at working further with industry and seeks the support of more actors in the semi-conductor and chip-product manufacturer field, application and service providers.

Furthermore, ENISA is working alongside the Commission and cooperates with the recently formed cPPP (contractual Public-Private Partnership) in order to define a roadmap on NIS Certification, and looks forward to supporting the Commission in the NIS Certification policy area.

Position paper available online.

About ENISA: The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. ENISA supports the EU and the Member States in enhancing and strengthening their capability and preparedness to prevent, detect and respond to network and information security problems and incidents.

Infineon Technologies is a world leader in semiconductor solutions that make life easier, safer and greener. Barely visible, semiconductors have become an indispensable part of our daily lives. Chips from Infineon play an essential role wherever energy is generated, transmitted and used efficiently. They safeguard data communication, reduce harmful emissions produced by cars and are paving the way for driverless vehicles. Microelectronics from Infineon is the key to a better future.

NXP Semiconductors enables secure connections and infrastructure for a smarter world, advancing solutions that make lives easier, better and safer. As a technology developer with decades of expertise for secure connectivity solutions in embedded applications, NXP is driving innovation in the secure connected vehicle, end-to-end security & privacy and smart connected solutions markets.

STMicroelectronics is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities homes, along with the next generation of mobile and Internet of Things devices. With a 20-year presence in security, ST supplies the market’s most advanced technologies and solutions and is committed to contributing to a more secure connected world. By getting more from technology to get more from life, ST stands for life.augmented.

For interviews and press enquiries please contact [email protected]

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS