skip to navigation skip to content

News

 

Boosting cybersecurity

A group of MPhil in Technology Policy students at Cambridge Judge Business School suggest ways to increase adoption of a new European Union cybersecurity certification framework.

Boosting cybersecurity; Glenda Michel, Sam Kee, Thanel Voigt, Moritz Kleinaltenkamp, Peter Cihon

L-R: MPhil in Technology Policy students, Glenda Michel, Sam Kee, Thanel Voigt, Moritz Kleinaltenkamp, Peter Cihon

A group of five MPhil in Technology Policy students at Cambridge Judge Business School concluded in a consultancy report for the European Commission that addressing liability, insurance and clarity-of-information issues would help increase voluntary adoption of a new European Union cybersecurity certification framework.

For their final group project, the students looked at business drivers for adoption of an EU scheme for cybersecurity certification through a cost-benefit analysis framework. The five MPhil in Technology Policy students are Glenda Michel, Sam Kee, Thanel Voigt, Moritz Kleinaltenkamp, Peter Cihon.

The students said that the framework, if enacted, would unify cybersecurity certification across the EU’s single market. While adoption of the framework would be voluntary, their 59-page report – entitled “Why certify: increasing adoption of the proposed EU Cybersecurity Certification Framework” – made three main suggestions to increase voluntary adoption:

  • Enhance liability protection linked to a “duty-of-care” for fault-based liability court cases and regulatory fines.
  • Address insurance issues by creating an “industry-preferred” list of ICT products that receive certification and maintain a database of detailed certification reports.
  • Enhance customer information by standardising information in certification reports for small and medium-sized enterprises, and by making information more transparent to consumers through a web-based approach to labelling.

Dr Florent Frederix of the EU’s Directorate‑General for Communications Networks, Content and Technology (DG CONNECT), said the students “did an outstanding job” that reflected “a good assessment of the state of the art.”

“The analysis the team made was original and inventive in the suggested way towards a larger adoption of cybersecurity certification in Europe. Their contribution did not go unnoticed and resulted in a poster session in the 2018 European Telecommunication Standardisation Institute Cybersecurity Week in Sophia-Antipolis (France) in June 2018.”