Por si no teníamos suficientes entidades dedicándose a la ciberseguridad, las tres entidades de estandarización europea han constituido un grupo de trabajo, el Cyber Security Coordination Group (CSCG), quien publicó la semana pasada un “Libro blanco” . En el mismo se alcanzan 9 recomendaciones que dirigen a la Comisión Europea para que las tenga en consideración en política de estandarización en CiberSeguridad. Aquí las encontraréis en perfecto inglés:
[...] The Cyber Security Coordination Group (CSCG) of CEN, CENELEC and ETSI is the only joint group of the three officially recognised European Standardisation Organisations with a mandate for coordinating Cyber Security standards within their organisations. The CSCG was created in late 2011 to provide strategic advice on standardisation in the field of IT security, Network and Information Security (NIS) and Cyber Security (CS).
This White Paper is the CSCG’s response to the European Union’s Cyber Security Strategy, which was jointly issued by the European Commission and the High Representative of the European Union for Foreign Affairs and Security Policy on 7th February 2013.
To this end the CSCG has formulated the following nine Recommendations:
1. The EC should mandate the CSCG to create a governance framework for the coordination of Cyber Security standardisation within Europe.
2. The EC should establish a clear and common understanding of the scope of Cyber Security, based on an initiative the CSCG plans to launch to clarify the key terms and definitions used in the standardisation of and communication related to Cyber Security within the European Union.
3. The EC should mandate CEN/CENELEC/ETSI to launch an initiative to re-establish the trust of the European citizen in the European digital environment, coordinated by the CSCG and aimed at producing standards to create the most trustworthy environment in the world; this should include privacy and harmonised objectives for education and awareness.
4. The EC should mandate CEN/CENELEC/ETSI to establish an initiative to produce standardised mechanisms for a strong, interoperable, trustworthy and transparent European Public Key Infrastructure and strong cryptographic capabilities for all participants in the European Digital Single Market.
5. The EC should authorise the CSCG to coordinate the standardisation work for a high-level European Cyber Security Label for information and communication technologies (ICT) to protect the European consumer (objective 4 of the EU Cyber Security Strategy).
6. The EC should mandate CEN/CENELEC/ETSI, with the CSCG coordinating appropriate harmonisation with the European regulatory bodies, to extend existing European Cyber Security requirements and evaluation frameworks to ensure adequate Cyber Security throughout the full ICT value chain and to establish an initiative for risk-based standardisation.
7. The EC should authorise the CSCG to create a high-level interface between the CSCG and the European research community to ensure alignment between standardisation and research including industrial research.
8. The EC, with the support of the CSCG, should engage in an industrial forum to harmonise Cyber Security Standards with key international players and stakeholders according to European requirements.
9. The EC, with the support of the CSCG, should launch a targeted global initiative to promote standards appropriate to European requirements for the development of trustworthy ICT products and services as well as Cyber Security solutions.
Through these Recommendations the CSCG encourages the European institutions to establish a global lead in Cyber Security standardisation, in line with the core values of the European Union (EU), and to take the necessary next steps to make the European online environment the safest in the world, as demanded by the EU’s recently published Cyber Security Strategy. [...]