The new security standard SAC/PACEv2 (or PACE) has been mandatory in European electronic passports since January 2015. Security protocols, such as PACE protect the personal data stored in the chip of electronic ID documents from skimming and eavesdropping attacks by assuring a secure communication during the verification of the data (e.g. at border control). With the rising number of e-passports carrying the PACE protocol and the establishment of additional security features, such as PACE-CAM, conformity and interoperability challenges are still present. The PACE-CAM security mechanism combines the PACE protocol with chip authentication (between chip and reader) in one protocol which allows a faster verification process.
ENISA has published its report on "Communication network interdependencies in smart grids". Smart grids are a fundamental component of the European critical infrastructure. They are rooted on communication networks that have become essential elements allowing the leveraging of the “smart” features of power grids. Smart grids provide real-time information on the grid, perform actions when required without any noticeable lag, and support gathering customer consumption information. On the downside, smart grids however, provide an increased attack surface for criminals; for instance, smart meters can be hacked to cut power bills as happened in Spain in 2014 or due to a Distributed Denial of Service (DDoS) attack or malware infection, communications and control of the network could be lost, causing an energy production halt and affecting several systems across borders.
Industry body OSPT Alliance has released an update to its CIPURSE™ Mobile Guidelines. The document, which was initially released in 2013, offers a comprehensive set of requirements and use cases for developing and deploying CIPURSE™ secured ticketing mobile apps for NFC-enabled smart phones, tablets and other smart devices. It clearly lays out requirements for certification, provides implementation guidelines for embedded secure element (eSE), SIM-UICC and microSD and presents multiple use cases.
Morpho (Safran) and Orange Cyberdefense, two leading security firms, announced that they have signed a partnership agreement concerning the development of a complete range of cybersecurity products and services. The two partners will leverage the benefits of their complementary areas of expertise to better prevent, detect and respond to cyberattacks. As part of this agreement, Orange Cyberdefense will market Morpho’s security and digital trust solutions, drawing on Morpho’s acknowledged expertise in biometrics. Morpho, on the other hand, will promote Orange Cyberdefense’s portfolio of cybersecurity solutions.
Card Centric, a supplier of SIM and smart cards, over-the-air solutions and value added services based in Ireland, has become the latest company to join the membership ranks of SIMalliance, the global non-profit industry association which simplifies secure element (SE) implementation to drive the creation, deployment and management of secure mobile services.
Gemalto has been chosen by the National Police Board in Finland to supply the country's new ePassport, which will enable secure and faster border crossings. The new travel document has advanced security features and is fully compliant with International Civil Aviation Organization (ICAO) requirements. Gemalto is already responsible for Finland's polycarbonate electronic ID (eID) and resident permit cards. Under the new multi-year contract Gemalto will produce and personalize hundreds of thousands of Sealys ePassports and eID cards each year. These will be issued to citizens within days or even hours, via a convenient nationwide network of trusted retail outlets and delivery points.
Mit der Studie zu kritischen Informationsinfrastrukturen (CIIs) analysiert die europäische Agentur für Netzwerk- und Informationssicherheit ENISA aktuelle CIIP-Praktiken und Governance-Modelle, die in den EU-Mitgliedstaaten eingesetzt werden. Die Studie trägt zur Verbreitung und künftigen Umsetzung der NIS-Richtlinie bei. Bürger und Unternehmen sind für die Unterstützung online-kritischer Dienstleistungen (z.B. Energie, Telekommunikation, Gesundheit) von der Informations- und Kommunikationsinfrastruktur abhängig. Der Anstieg von Cyber-Bedrohungen kann die Bereitstellung von Dienstleistungen erheblich beeinträchtigen und finanzielle Verluste sowie eine Beschädigung der Reputation von Unternehmen zur Folge haben.
Gemalto is the first mobile payment vendor to receive full MasterCard approval for a complete Cloud-Based Payment (CBP) solution. This recent MasterCard certification encompasses Gemalto's CBP server platforms as well as the payment software running on cardholders' mobile phones. The solution is available as part of the company's secure and proven Allynis Trusted Services Hub (TSH), a full turnkey business service for financial institutions.