Cybersecurity regulation and certification under debate

    More than 40 cybersecurity professionals took part in ‘Cybersecurity: Challenges and Regulations in a Connected World’ in Madrid last Thursday, June 27.
    Over the course of the event, a variety of experts considered how increased connectivity has brought with it new vulnerabilities in the field of cybersecurity, centring the debate on two key sectors: industrial control systems and the automotive industry.
    Sergio González from Applus+ Laboratories explained why “legacy” industrial control systems are so insecure and why the measures currently in place to combat this lack of security are not up to tackling the challenges posed by the hyperconnectivity and extremely long life cycles of these systems. González also provided an assessment of existing product certification schemes (CC, Lince, ISA and UL) and the future ones Applus+ is in the process of helping to develop (ICCF), setting out the standards to which these new schemes should be aspiring.
    Daniel Schmith from Infineon gave an overview of cybersecurity in industry, focusing on the cryptographic mechanisms necessary to ensure protection and outlining some of the solutions on offer at Infineon.
    Alejandro Manillas from Applus+ IDIADA assessed the cybersecurity risks in the automotive industry and presented the tools currently provided by Applus+ IDIADA for risk assessments and penetration tests on vehicles’ connected systems.
    One of the central themes of the event was the new EU Cybersecurity Act, which entered into force on Thursday. Josepmaria Roca, IT Labs Manager at Applus+ Laboratories, was charged with introducing this new regulation. He examined the global regulatory landscape with a particular focus on the Cybersecurity Act. A panel of experts provided a more in-depth assessment of this new regulation from a range of different perspectives (academia, public sector and manufacturing).
    Spain’s National Cryptologic Centre brought the event to a close with an explanation of the EU regulation’s various security levels.