Research to develop smart contract-related standards for Cyber Resilience
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
My work consists primarily of research into smart contracts to support the European standardisation efforts concerning the Cyber Resilience Act (CRA). The objective is to explore the integration of smart contracts within the CRA framework regarding cybersecurity. I will assess how smart contracts can address and support specific standards developed for products with digital elements under the CRA. In particular, the research will focus on how smart contracts will enable compliance with areas like data confidentiality, data integrity, and protection against unauthorised access.
What is the expected result and impact of this activity?
The research will produce insights and actionable items that will inform the standardisation process for smart contracts in the context of the CRA. In particular, the intended result of this research is to contribute to the identified cybersecurity standards on products with digital elements, enhancing the work of European Standardisation bodies and illuminating the potential of smart contract applications for cybersecurity, particularly within the context of the CRA. Conducting research in this area will facilitate the adoption of standardised and consistent rules for the application of smart contracts in cybersecurity, opening the door for practical implementation in regulatory frameworks, such as the CRA.
From a European perspective, the proposed activity will set the foundation for the industry-wide adoption of smart contracts as a crucial tool for enabling automated compliance in standardisation frameworks. Such contribution is bound to assist with the development of other relevant standards within the cybersecurity standardisation framework, thus significantly enhancing and guiding the work of other European as well as International Standardisation Organisations and Institutions. By carrying out research in this line of standardisation, the presence and leadership of the EU on the global cybersecurity standardisation framework will be robust and evident. Furthermore, given smart contracts’ automation features, the proposed activity will support and promote the continuous monitoring of products’ compliance with the EU cybersecurity standards. This aligns with the CRA’s emphasis on lifecycle management with smart contracts monitoring compliance from the design until the disposal of digital element products.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
Horizontal standards for security requirements relating to the properties of products with digital elements.
Horizontal standard 5 – Ensuring protection of products with digital elements from unauthorised access and reporting on possible unauthorised access.
Horizontal standard 6 – Protecting the confidentiality of data stored, transmitted or otherwise processed by a product with digital elements.
Horizontal standard 7 – Protecting the integrity of data, commands, and programs by a product with digital elements, and its configuration against any manipulation or modification not authorised by the user, as well as reporting on corruptions.
Horizontal standard 14 – Securely and easily removing or transferring all data and settings of a product with digital elements.
