Cyber Regulation: Sovereignty Through Open Solutions

Who are we?

As a European leader in contactless access control, we have been advocating for open solutions and the sovereignty of our users in security matters since 1996. We were the first manufacturer to receive CSPN certification (Certification of First Level Security, the strictest in France), and we continually innovate to provide long-term protection for governments, public services, or private companies, while assisting in the implementation of intricate regulatory frameworks. We are a founding member of the SPAC Alliance, a federation of major security actors in Europe, with a triple mission of providing information to all, influencing regulators, and promoting standards and open solutions such as the SSCP communication protocol.

With the introduction of NIS 2 (Network and Information Security 2) and the CER (Critical Entities Resilience directive), the European Union is committed to decisively curtailing the proliferation of cyber threats and advancing the establishment of genuine digital sovereignty. Our analysis of these legislative texts reveals that open solutions represent the sole viable path for achieving this enduring objective, a perspective shared by the SPAC Alliance, whose "Ultimate Cyber Survival Guide" is available for download.

End-to-end security

Taking a step back to 2016, NIS (version 1) imposed cyber obligations on the most critical actors within the Union. This initial step only partially addressed the surge in cyber threats, the cost of which is projected to reach a staggering $10 trillion by 2025, equivalent to the third-largest global GDP. Nevertheless, it served as a catalyst for identifying several strategic improvement areas included in NIS 2 and the CER:

  • A tenfold increase in affected entities: The number of sectors involved expands from 7 to 18, multiplying the count of actors classified as Critical Entities (CE), Essential Entities (EE), or Important Entities (IE).
  • Proportional obligations at each level of criticality, defined by each state, along with fines that can reach up to 2% of global annual turnover.
  • Mandatory participation in a cross-border network coordinating the European cyber response, ensuring prevention, measurement, detection, and disaster response.
  • End-to-end security: Issues related to physical security are integrated into the cyber equation to address hybrid attacks that involve infiltrating a site to compromise its operating system.

This new definition of cybersecurity is not easy to grasp. Several aspects now need to be considered comprehensively:

  • From end to end of your business operations (including the supply chain and customers)
  • From end to end of the Union (from citizens to European institutions)
  • From end to end of your site (from your parking lot entrance to the server).

Interoperability, scalability, and autonomy

The connection between physical and logical security is now officially recognized by the institutions. This is long-standing expertise that we have built on our open solutions, anticipating these regulations well in advance.

Indeed, openness is the only option that certifies both interoperability and scalability of a system: all components, whether physical or logical, can interact with each other, combine to provide customized functionalities, mutually protect each other, and be ready to incorporate future innovations.

For instance, an attempt to force an access reader should trigger area lighting, sound the alarm, alert an operator, and lock the network to prevent any data theft or infection. 

Intelligent and open systems like these represent the (very near) future of security. They not only ensure the security independence of users, who should remain free to innovate, customize their solutions, and adapt them to their needs over the long term without being subject to someone else's choices, but also guarantee full control over their data.

The era of restrictive proprietary technologies is over.

We will soon explain why we are certain of this through a comprehensive guide on European Digital Sovereignty, encompassing NIS 2 and the CER, and introducing the ambitious concept of Global Security.

In the meantime, we invite you to download the Ultimate Cyber Survival Guide (published by the SPAC Alliance with our participation). Just a few minutes will be enough to determine whether you might be affected by these regulations and what obligations you may need to adhere to, and to receive advice based on the collective experience of all members so that you can prepare with peace of mind before the regulations come into effect (October 2024 is approaching fast!).

Author: Tibaud ESTIENNE, STid