International standardisation (e.g., in ISO/IEC, but also CEN/CENELEC and ETSI) is one channel for technology dissemination for all kinds of organisations in the world. Companies and governments are coming together to contribute their best practices and agree on interoperability, compliance and certification.
Global technology companies are active in pushing their terminology and technological concepts into standardisation processes. The European technology companies, including the cybersecurity industry, should engage in the same practice. Especially as through European collaboration by multiple Member States, there will be more impact in such activities.
Why standardisation?
Even though standardisation is a long-term strategy with no immediate return on investment, it will be instrumental in ensuring that European companies grow in size to compete on the global market.
Researchers are envisioning the future with new technologies that promise a cleaner environment, better security, more efficient work and better health. Through research activities, R&D forms the best practice for the future for both leading edge and existing technologies.
Thus, engaging in standardisation is a channel for global dissemination of research concepts. A standardised concept may be used by governments, companies and other organisations worldwide, proliferating EU research results. While it may not immediately be a source of citations or additional research funding, standardisation of results will also inspire new research on the same topics, increasing impact over a longer period.
Twofold benefits of the mapping of cybersecurity standards and research challenges
Even though experts in cybersecurity are aware of the existence of standardisation and standards in their fields, it is not a trivial task to have an adequate overview of all the standard projects that could be relevant to each topic. The CyberSec4Europe deliverable, Project Standards Matrix, presents a mapping of the project verticals and research challenges to privacy and cybersecurity standards from ISO/IEC, CEN/CENELEC and ETSI. The report has been compiled foremost to direct the attention of the project partners to the standards and technical reports that could be relevant in their vertical or research topic so that they can more quickly find the necessary information.
On the other hand, all of the pilot competence centres include many capable specialists whose expertise can be a great benefit to the standardisation projects that are still being developed. CyberSec4Europe can contribute the research results and insights that have been gathered throughout the project to the standards that are under development. Many CyberSec4Europe partners are also involved in standardisation activities, so this can be another way of approaching disseminating the results of the project and ensuring that leading edge research reaches standardisation projects.
Liina Kamm, Cybernetica