“How does standardization contribute to IT security in the Digital Single Market?”
This was the topic of the DIN discussion event hosted by the Permanent Representative of the Federal Republic of Germany to the European Union in Brussels on 11 July 2017.
Presenting to over 80 participants, DIN Executive Council member Rüdiger Marquardt proffered standardization as an instrument that can be used to develop detailed solutions pursuant to the legislative requirements of both the German NIS directive and the General Data Protection Regulation. Many fundamental standards already exist in the ISO/IEC 27000 series on IT security management. Sector-specific standards must now follow, and the responsibility lies with standards organizations to cooperate with one another in a manner that preserves the consistency of the transnational body of standards.
Mr Strotmann welcomed the contribution of standardization to cyber security and the creation of a Digital Single Market. The Commission does not wish to politicize standardization unnecessarily, said Strotmann, acknowledging that individual Directorates General would have to cooperate more closely when assigning standardization mandates.
Sibylle Gabler, Head of Government Relations at DIN, discussed possible gaps in legislation governing network security of the Internet of Things with a highly qualified panel. Further topics discussed were the ISO standard “Common Criteria” pertaining to IT security of products, a risk-based approach and numerous future possibilities for IT security certification.
The following panellists took part: Dr. Andreas Schwab, Member of the European Parliament and Rapporteur on the NIS directive; Luigi Rebuffi, General Secretary of the European Cyber Security Organisation; Bernd Kowalski, Head of the Federal Office for Information Security; Markus Reigl, Director of Technical Regulation and Standardization at Siemens; and Jean-Pierre Quémard, Chair of the Cyber Security Coordination Group.