26TH Open Systems Days
Croatian Linux Users’ Conference

18 - 19 APRIL 2019

FER, Zagreb, Croatia

The new EU CyberSecurity Act

Summary

Or how to prevent the EU from becoming the world's largest botnet honeypot


Fibre to the home opens numerous interesting possibilities for both bona-fide and not-so-bona-fide use cases. Having your espresso machine or refrigerator be part of a multi-million-device botnet that is attacking critical infrastructure might not necessarily be your first association when sipping your early morning caffeine fix. Not only might this notion be somewhat disruptive for your early morning zen moment, you might also be held legally accountable for these actions, as it is actually your home network participating in an international attack wreaking havoc on, let's say, the healthcare information system of a close NATO ally. Nowadays there is zero quality control being enforced over internet-connected devices in general. But the EU (and US) have decided this somewhat naive approach should come to an end.

A new directive (NIS, Directive on the Security of Network and Information Systems) comes into effect. This will be something to look out for, especially for branches active in the development of internet-connected devices with a direct application in the “quality of life improvement” domain: medical devices, automotive and domotica.

This new directive includes the ambition of implementing a certification scheme for IT systems and devices. This scheme will be based on the existing ISO 15408 standard:

“ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.”

What does this standard encompass? What does open-source and free software have to do with this?

Let’s have a closer look in this talk!

Type: Talk

Language: English

Speaker

Robin Edgar

In an entrepreneurial career Robin Edgar has led many projects for customers ranging from multinational stock-exchange-listed companies to small and medium-sized businesses. Currently, Robin Edgar is consulting on organisational structures and strategy as well as IT projects, holding workshops on IT security for upper management as well as writing a book to motivate people to think about their careers. Guiding listed multinationals and smaller or mid-sized organisations, Robin Edgar is able to implement a clear structure and strategy at all levels of an organisation. By doing so, his goal is to increase efficiency, resulting in growth. With a strong international background, Robin Edgar has been exposed to many different cultures from a very early age. This has affected his views on life and interactions with others, creating a flexible approach to understanding differing points of view and ways of achieving results.

Speaker

Hans de Raad

Independent consultant, open-source enthusiast (openSUSE, Drupal, etc). Also a big classical music lover (artistic manager of the Huygensfestival in Voorburg, supporter of several international chamber music festivals in/around The Hague, The Netherlands). One of my company's basic philosophies is, if open-source provides you with a stable revenue (thank you, 10x), you should do something in return. So my company donates 10% of its annual profit to one of the projects we've been using that year. This contribution can also be by providing help, i.e. in 2015 I was project lead and organizer for the openSUSE conference in The Hague!
