Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems
When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that the ECCF has come to life in European legislation, under a voluntary basis, it is likely that in the future cybersecurity certification will become mandatory for everything IT and OT. If this new assumption happens to be true, the Industry at large, and our European authorities along with ENISA and the ECCF processes will be faced with new challenges. This presentation first recalls the roots of the ICCF and ECCF. Next, it explicits the future challenges associated with its implementation. The presentation concludes with the presentation of a possible two-staged strategy to address these future challenges.