CyberSec4Europe Insights

CyberSec4Europe Insights are a series of broadcasts and webinars relating to the different topics associated with cybersecurity and the work of the project.

The fifth Insights webinar will take place at 12:00-13:00 CEST on 22 July 2021 on the topic ‘Introducing Fixed-Time Cybersecurity Evaluation Methodology for ICT Products (FITCEM/prEN 17640)’, presented by Dr Helge Kreutzmann from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik or BSI).

Please register here if you wish to participate.

About the webinar

A security evaluation requires a sound methodology to ensure comparable and consistent results. While such methodologies exist for longstanding standards like Common Criteria, popular alternatives in the fixed-time or lightweight domain currently lack an agreed-upon (European) methodology. To fill this need, CEN/CENELEC JTC13 WG3 launched the development of such a methodology, for which the speaker is the main editor.

The talk will give a brief overview of the necessity and history of the methodology. Afterwards the agreed design principles and the structure will be presented and certain evaluation tasks will be highlighted. The third part will discuss how this evaluation methodology fits into one (or possibly more) cybersecurity certification schemes according to the Cybersecurity Act (CSA) of the European Union. In this part, a brief introduction to the CSA will be given. The final part will be devoted to open questions and unresolved (or postponed) issues.

About the speaker

Helge Kreutzmann received a PhD in physics before joining the Federal Office for Information Security in 2005. He started working on accrediting laboratories for the German certification scheme as well as setting up the auditor certification for IT-Grundschutz. He was involved in several certification and accreditation requirement specifications on the national level. Since 2019 he has been in charge of setting up the German fixed-time certification scheme (also known as “lightweight” scheme) BSZ (“Accelerated Security Certification”).

Helge is and has been working in numerous national, European and international standardisation organisations like DIN, CEN/CENELEC JTC 13 WG3 and ISO/IEC JTC1 WG1, 3 and 5 and has led numerous projects as editor to publication. Currently he is leading (amongst others) the work on FIT CEM, an evaluation methodology for fixed time cybersecurity evaluation. He was also involved in the development of drafts for several candidate schemes for the European Cybersecurity Act (CSA).

Past Insights

17 May 2021: Developments in European regulations

19 February 2021: Towards more transparent security certifications – mining Common Criteria and FIPS140-2 certificates

29 January 2021: Cybersecurity & Standards – How StandICT.eu supports European specialists in the international landscape

18 December 2020: Integrating an ecosystem perspective in cybersecurity standards