The new EU CyberSecurity Act
Or how to prevent the EU from becoming the worlds largest botnet honeypot
Hans de Raad
Independent consultant, open-source enthusiast (openSUSE, Drupal, etc). Also a big classical music lover (artistic manager of the Huygensfestival in Voorburg, supporter of several international chamber music festivals in/around The Hague, The Netherlands). One of my companies basic philosophies is, if open-source provides you with a stable revenue (thank you, 10x), you should do something in return. So my company donates 10% of its annual profit to one of the projects we've been using that year. This contribution can also be by providing help, i.e. in 2015 I was project lead and organizer for openSUSE conference in The Hague!
Fibre to the home opens numerous interesting possibilities for both bona-fide and not so bona-fide use cases.
Having your espresso machine or refrigerator being part of a multi-million device botnet which is attacking critical infrastructure might not necessarily be your first association when zipping your early morning caffeine fix.
Not only might this notion be somewhat disruptive for your early morning zen-moment, you might also be held legally accountable for these actions as it is actually your home network participating in an international attack wreaking havoc on, let’s say, the healthcare information system of a close NATO ally.
Nowadays there is zero quality control being enforced over internet connected devices in general. But the EU (and US) have decided this somewhat naive approach should come to an end.
A new directive (NIS, Directive on the Security of Network and Information Systems) comes into effect. Especially for branches active in the development of internet connected devices with a direct application in the “quality of life improvement” domain, this will be something to look out for:
This new directive includes the ambition of implementing a certification scheme for IT systems and devices, this scheme will be based on the existing ISO 15408 standard:
“ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.”
What does this standard encompass? What does open-source and free software have to do with this?
Let’s have a closer look in this talk!
- 2018 May 26 15:00
- 45 min
- 107 (Small)
- openSUSE Conference 2018
- Open Source