INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
David HanlonIEC Secretary of the
Conformity Assessment Board
Cybersecurity Standardization
and the Cybersecurity Act:Where are we today ?
Brussels, 2019-01-21
2
CRITICAL INFRASTRUCTUR
E
CYBERSECURITY
SMART GRID
CLOUD COMPUTING
AVIONICS
ELECTRICITY
HEALTH SERVICES
Cyber threat is a worldwide phenomenon
Cybersecurity requires a worldwide approach
3
Standards Development (SD)
International Standards
Conformity Assessment (CA)
Global CA Systems
IEC International
Electrotechnical
Commission
Since 1906
Since 1974
80% of CENELEC standards
are adopted from IEC standards
Cybersecurity certification services
since 2017 (to IEC 62443 series)
VARIATION
Doubt in CA resultsLack of trustDuplication of assessmentsAdded costsTrade barriers
ACCREDITATION
In the real world there are
• Competent CABs too strong
• Competent CABs too weak
• Competent CABs correct
• Incompetent CABs
• Fraudulent CABs
In the real world standards are not perfect
Consensus based sometimes needs interpretation
4
Consistent Assessment
Eg: Assessment relies on “professional judgement”
of the application of standards
VARIATION
Doubt in CA resultsLack of trustDuplication of assessmentsAdded costsTrade barriers
ACCREDITATION
In the real world standards are not perfect
Consensus based sometimes needs interpretation
5
Eg: Assessment relies on “professional judgement”
In the real world there are
• Competent CABs too strong
• Competent CABs too weak
• Competent CABs correct
• Incompetent CABs
• Fraudulent CABs
IEC CA Systemcommon interpretation
peer assessment
common rulescommon methodologies
Consistent comparable
CA results, worldwide
World’s Best Practice attested by United Nations
Consistent Assessmentof the application of standards
Highest cost-benefit cybersecurity
Optimization formula
Highest cost-benefit cybersecurity
= requirements based oninternational standards
+ competent CABs (accreditation)
+ consistent & comparable
CA results worldwide
(IEC CA Systems)
6
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
David HanlonIEC Secretary of the
Conformity Assessment Board
Cybersecurity Standardization
and the Cybersecurity Act:Where are we today ?
Brussels, 2019-01-21