New PKIs in the Quantum World
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work I will carry out for the 6th CYBERSTAND SSP consists of contributions in terms of comments, active participation in the related meetings and participation in the drafting process of the requested harmonised European Standard for which I have been funded.
My work will focus, more in detail, on the formulation of essential cybersecurity requirements for PKI (Public Key Infrastructure) and digital issuance software, corresponding to item 24 of the list of the new European Standards to be drafted under the CRA Standardisation Request, ANNEX I.
What is the expected result and impact of this activity?
The expected result of the activity I will contribute to is a harmonised European Standard dealing with PKI and digital issuance software; the impact of my contribution will be to foster a unifying, all-encompassing approach which takes into account also recently emerging threats to PKIs and their cryptographic layer, such as the Quantum Computing threat.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
I am focusing on the risk definition and risk assessment in the PKI context, particularly if related to the quantum threat; moreover, I am also focusing on the interplay between the CRA and other European Regulations or Directives to highlight potential overlaps or inconsistencies, in order to guarantee that the resulting legal framework is coherent.
