With the entry into force of the EU Cybersecurity Act on June 27 2019, a EU wide cybersecurity certification framework is under definition for information and communication technology (ICT) products, services, and processes. One of the motivations for the adoption of this new EU regulation is that “the limited use of certification leads to individual, organizational and business users having insufficient information about the cybersecurity features of ICT products, ICT services, and ICT processes, which undermines trust in digital solutions.” The Cybersecurity Act aims to improve trust in products, services, and processes by defining an EU-wide certification framework consisting of cybersecurity certification schemes that specify common cybersecurity requirements and evaluation criteria across national markets and sectors. Cybersecurity certification will be voluntary, and only sector specific standards will specify the conditions under which cybersecurity certification will be mandatory.
The underlying assumption in the EU cybersecurity act is that products, services and processes that are certified will be viewed as more trustworthy by users. Companies going through certification would thus benefit from a competitive advantage. Cybersecurity certification suffers from an image as a costly and time consuming process. One of the keys to success for the EU cybersecurity act is to promote standards that are lightweight, flexible and incremental in order to encourage organisations to voluntarily certify their ICT products, services, and processes. New Certification schemes are currently under definition as part of the rolling work programme in the areas of industrial systems and cloud services. Processes for the evaluation and review of schemes are planned (Article 49(8)). Such reviews can lead to updates to the certification schemes.
The objective of the workshop is to establish a state of the art in the area of cybersecurity certification, and to provide a forum for exchange of ideas between researchers working on cybersecurity and certification issues, and security experts whose technologies could be applied to certification. CyberCert 2021 seeks high-quality research and experimentation contributions in the form of well-developed full papers. Topics of interest encompass research advances in all areas of security, trust and privacy in relation to certification. Topics of particular interest are the following: how to determine and measure the usefulness of certification schemes, how to share certification evidence, lightweight certification schemes, approaches that integrate certification processes within security engineering processes and, incremental certification. CyberCert 2021 brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers.
Topics of interest include but are not limited to:
Submission page: https://easychair.org/conferences/?conf=eurosp2021, and select the CyberCert workshop.
Authors are invited to submit papers formatted according to IEEE conference style 2-column (10 pages limit). Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp-2021-template.zip. We suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied, and then write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.
Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.
Submissions will be accepted until 23:59 GMT, June 2, 2021 at the workshop submission page. Papers will be published by IEEE Xplore in a volume accompanying the main IEEE EuroS&P 2021 proceedings. In case of acceptance of a paper at least one author must present the contribution at the workshop, otherwise it will be removed from the list of publications.
Program chairs: Philippe Massonet (CETIC, Belgium), Tobias Fiebig (TU Delft, Netherlands).
| Name | Organisation |
|---|---|
| Thibaud Antignac | CEA, France |
| Volkmar Lotz | SAP, France |
| Artsiom Yautsiukhin | CNR, Italy |
| Nicolò Maunero | CINI/Politecnico di Torino, Italy |
| Kai Rannenberg | Chair of Mobile Business & Multilateral Security, Goethe University Frankfurt, Germany |
| Chatzopoulou Argyro | TÜV TRUST IT GmbH, TÜV Austria Group, Germany |
| Liina Kamm | Cybernetica AS, Estonia |
| Vashek Matyas | Masaryk University, Czechia |
| Douglas Wiemer | Rhea Group, Belgium |
| Barbara Carminati | University of Insubria, Italy |
The CyberCert 2021 program is available at https://secweb.work/. The CyberCert workshop is co-located with the SecWeb workshop.
Venue
All-digital workshop, co-located with IEEE EuroS&P 2021 all-digital conference.
Registration
To be announced
Proceedings Publication
Publication of CyberCert 2021 proceedings is through IEEE Xplore in a volume accompanying the main IEEE EuroS&P 2021 proceedings.
Organization
The workshop is co-organised by the four H2020 pilot projects SPARTA, CyberSec4Europe, Concordia and ECHO for establishing a European Cybersecurity Competence Network and developing a common European Cybersecurity Research & Innovation Roadmap.