The new EU CyberSecurity Act

Or how to prevent the EU from becoming the world's largest botnet honeypot

Hans de Raad

Playlists: 'osc18' videos starting here / audio / related events

Fibre to the home opens up numerous interesting possibilities, for both bona fide and not so bona fide use cases.
Having your espresso machine or refrigerator take part in a multi-million-device botnet that is attacking critical infrastructure is probably not your first association when sipping your early morning caffeine fix.
Not only might this notion be somewhat disruptive for your early morning zen moment, you might also be held legally accountable for these actions, as it is actually your home network participating in an international attack wreaking havoc on, let's say, the healthcare information system of a close NATO ally.
Nowadays there is zero quality control being enforced over internet-connected devices in general. But the EU (and the US) have decided that this somewhat naive approach should come to an end.

A new directive (NIS, the Directive on the Security of Network and Information Systems) is coming into effect. Especially for branches active in the development of internet-connected devices with a direct application in the "quality of life improvement" domain, this will be something to look out for:
Medical devices
Automotive
Domotica

This new directive comes with the ambition of implementing a certification scheme for IT systems and devices; this scheme will be based on the existing ISO 15408 standard (Common Criteria):

“ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.”

What does this standard encompass? What does open-source and free software have to do with this?

Let’s have a closer look in this talk!

