Agile conformance assessment for cybersecurity CERTIFication enhanced by Artificial Intelligence

Agile conformance assessment for cybersecurity CERTIFication enhanced by Artificial Intelligence

According to the EU Cyber Resilience Act, “hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of EUR 5.5 trillion by 2021”. This is due to a low level of cybersecurity, reflected by widespread vulnerabilities and inadequate approaches for identifying and mitigating the rapidly and constantly evolving cyber threats and vulnerabilities, as well as ensuring continuous compliance with regulations, industry standards, and best practices. To reduce the impact of cyberattacks and increase the resilience of digital technologies, it is essential to assess the conformity to security standards of ICT products, services, and processes throughout their life cycle. However, the traditional conformity assessment process is predominantly a static and expensive one-time assurance activity that does not cater to the needs of agile product delivery, which promotes continuous product updates and upgrades, and often changes in requirements. Each such update opens doors to product vulnerabilities, and consequently poses cyber risks for product users and companies’ reputation. To avoid these issues, it is essential to enable a partial and continuous lean re-certification of ICT products, services, and processes, to empower manufacturers to prevent, detect, counter and quickly respond to cyber threats. In response to these challenges, the CERTIFAI project will develop an open software framework for cost-effective AI-driven continuous assessment and (re-)certification of ICT products and services, paving the way for a more secure and trustworthy EU’s digital world. Building on the EU Cybersecurity Act, CERTIFAI will leverage the established cybersecurity requirements, standards, and technical specifications to deliver an efficient approach for ensuring that a product, once certified, will continue to be compliant with relevant standards throughout its life cycle.