Presentation by Dr. Detlef Houdeau, Eurosmart Vice-President at the 2018 eID Forum
Performing ethical hacking on critical hardware and software has allowed the main critical sectors, such as financial transactions, communication transactions, electronic documents, qualified signature devices and HSMs, to be immune from significant attacks.
Europe is the worldwide leader in Ethical Hacking for Hardware and Embedded Software thanks to the 20 years of expertise created by the SOGIS MRA.
Ethical hacking, the way to get product & solution confidence and trust in a hyper-connected world
1. EID FORUM: TALLINN, ESTONIA
Ethical hacking, the way to get product & solution confidence and trust in a hyper-connected world
19th September 2018
Detlef HOUDEAU – Eurosmart Vice President
2. Why have an eVoice session on Ethical Hacking?
Performing ethical hacking on critical hardware and software has allowed the main critical sectors, such as financial transactions, communication transactions, electronic documents, qualified signature devices and HSMs, to be immune from significant attacks.
Estonia: vulnerability, e.g. ROCA (2018); attack, e.g. Web (2007)
Europe: vulnerabilities, e.g. SHA-1, RSA-1028; attacks, e.g. Mirai, Wannacry, Petya
3. Exposure to potential attacks
[Diagram: a threat agent creates a threat; the threat exploits vulnerabilities; vulnerabilities lead to risk; risk can affect an asset and causes exposure. Ethical Hacking / Pen-testing is attached to the chain with the label "confirms".]
SCP: Secure Channel Protocol
DDoS: Distributed Denial of Service
4. Ethical Hacking: Definition
Europe is the worldwide leader in Ethical Hacking for Hardware and Embedded Software thanks to the 20 years of expertise created by the SOGIS MRA.
“Ethical Hacking” means the act of identifying and locating the weaknesses and vulnerabilities of devices or information systems by anticipating the intent, actions and skills of malicious hackers.
It is done for a defensive purpose, in order to improve the security of devices and information systems and to give a level of assurance that, once released and operated in a given environment, they will resist attacks performed by hackers with a similar profile.
SOG-IS: Senior Officials Group on Information Systems
MRA: Mutual Recognition Agreement
5. Digital Single Market (2015) & Digital Agenda (2020), included Cybersecurity
[Diagram with three pillars: European Values, Digital Identities, Cybersecurity. Items shown:]
• The Charter of Fundamental Rights of the European Union
• General Data Protection Regulation
• NIS Directive (EU) 2016/1148
• Cybersecurity Act regulation (ENISA / Cyber Certification)
• eIDAS Regulation EC/910/2014
• Cryptography / Encryption
• Identification, Authentication, Signature
• Biometric Passport EC/2252/2004
• Residence Permit EC/13502/2007
* Trilogues started on the 13th of September
6. Typical product or service pillars
Seen from the industry: standards, conformity and certification landscape
Challenge:
• Position products/components certification in the holistic scope of IoT (including services and processes)
7. Certification process as per the Cybersecurity Act: The upcoming EU regulation
"Cybersecurity Act":
Regulation proposal on creating the EU Cybersecurity Agency and defining the Information and Communication Technology cybersecurity certification
Part 1 & 2: Enhancing ENISA coordination activities amongst the EU national cybersecurity agencies
Part 3: Defining the EU Cybersecurity certification framework
Step 1: Creation & Governance of a new Certification Scheme at EU Level – Voluntary scheme for the industry, but mandatory that member states put it in place
Step 2: Enforcement of the new Certification Scheme at the national level (e.g. Actors in France)
Step 3: Introduction of new Certification Schemes (created in Step 1) that could be mandatory based on sectorial regulations with a risk-based approach: Using sectorial regulations from different EC DGs (FISMA, CONNECT, GROW, HOME, MOVE etc.)