28 October 2020
CyberSec4Europe’s Recognition by ISO/IEC
Standardisation is an important stepping-stone in popularising and disseminating new technologies, helping to unify the terminology and models related to their deployment and use. It simplifies procurement by both governments and businesses and is expected to grow the market in the long run.
Some standards have become almost brand names, such as:
- the ISO/IEC 27000/27700 series on Information Security Management Systems
- the ISO/IEC 11770 family on key management
- the ISO/IEC 24760 family on identity management; and
- the ISO/IEC 29100 privacy framework.
All these standards were developed in subcommittee 27 “Information security, cybersecurity and privacy protection” of the ISO/IEC Joint Technical Committee 1 “Information technology” (ISO/IEC JTC 1/SC 27).
Hence, in 2019 CyberSec4Europe decided to apply for a liaison relationship with two SC27 Working Groups:
- WG 2 Cryptography and security mechanisms; and
- WG 5 Identity management and privacy technologies
This initiated an intensive process including an analysis of CyberSec4Europe’s constitution by the ISO Central Secretariat, an assessment of CyberSec4Europe’s competencies by both WG 2 and WG 5 as represented by Stephan Krenn (AIT) to WG 2 and Liina Kamm (Cybernetica) to WG 5 and, based on this, letter ballots by both SC 27 and JTC 1.
Just in time for the September meetings of the SC27 WGs, this process was concluded successfully and CyberSec4Europe was approved as a liaison partner, meaning that now CyberSec4Europe members can engage with both WGs. Liina Kamm and Stephan Krenn were accepted as CyberSec4Europe Liaison Officers with Liina chiefly responsible for managing the process.
Liina explains: “Now CyberSec4Europe and its members can keep themselves up-to-date on the newest developments in international standards and can directly give valuable input and feedback to ongoing standardisation projects, making use of the competencies and results of CyberSec4Europe.”
Due to COVID-19 the recent SC 27 WG meetings were held online, otherwise they would have been held in Warsaw hosted by the National Institute of Telecommunications, which nevertheless hosted an impressive hybrid conference on “The Future of Standards in Cybersecurity”.
Multiple standardisation efforts are underway in SC 27 that relate to topics relevant to CyberSec4Europe. For example, WG 2 is working on standardising secure multiparty computation mechanisms based on secret sharing (ISO/IEC WD 4922-2); whereas WG 5 is creating a user-centric framework for the handling of personally identifiable information (PII) based on privacy preferences (ISO/IEC CD 27556.2) and a framework for privacy-enhancing data de-identification (ISO/IEC WD 27559).
At CyberSec4Europe we are certain that our experts can contribute to these and other relevant ongoing standardisation projects. The next subcommittee and working group meetings will take place online in April 2021.