“Eurosmart will continue setting pioneering and guiding principles for standardization, interoperability and deployment of secure digital applications across Europe”
Didier Sérodon, SVP Strategic Project / Continuous Improvement at Safran Identity & Security, has been appointed the new Chairman of Eurosmart, the international non-profit association representing the smart security industry for multisector applications.
As the newly elected Chairman, what is first on your agenda in your new role for "the voice of the smart security industry," as Eurosmart is called?
D.S.: .: Eurosmart will continue to always be at the forefront of market developments and business challenges such as IoT etc. – setting pioneering and guiding principles for standardization, interoperability and deployment of secure digital applications across Europe. Several European regulations that have been widely implemented are based on the expertise provided by Eurosmart. We also need Eurosmart to open up to the many new markets where security is a requirement but where there is little or no experience in managing security.
I can give you the example of WiFi networks being compromised because the security of connected light bulbs was improperly designed.
The Internet of Things is an interesting example of the new markets you mentioned. Here new businesses and use cases come into play. How is Eurosmart meeting this challenge?
D.S.: IoT is indeed a very interesting topic, not only because of the size of the market and its growth but also because new players are exposed to security needs and have no clue about how to deal with it. A few weeks ago a massive attack on a website was conducted using connected cameras. The camera makers did not know that their devices could be used in such a way and so did not even think about protecting against this. At Eurosmart we have very deep knowledge of the security market and have devised a three-step strategy.
- Provide a simple security evaluation questionnaire: How can I as a non-security expert understand the risks my device will have to be protected against?
- Propose a portfolio of secure solutions depending on risks based on the answer to the question: What shall I secure and how?
- Work closely with the European Commission to implement trust labels easy to understand for end-users.
What are other projects the organization is currently dealing with?
D.S.: We have many projects in mind; one is to organize an event in the European Parliament on cybersecurity vs user convenience. As part of the Digital Single Market strategy, the European Commission will review the 2002 ePrivacy Directive, with a view to ensuring consistency with the General Data Protection Regulation, guarantee a level playing field for all market players (telcos vs other players) and protect users' right to privacy.
The EU decision-makers would especially discuss whether the current security of electronic communications services (e.g. protection of personal data stored in terminal equipment such as smartphones) should be improved, given:
- newly adopted legislation imposing security requirements (General Data Protection Regulation, Network Information Security Directive, etc.)
- the release of reports on electronic mass surveillance ("Moraes report")
- news about smartphones being infected with viruses and other malware.
The European Union will have to find a trade-off between competing demands, such as a high degree of security versus user convenience or are some technologies available.
The EU decision-makers are also paying particular attention to this issue when addressing cybersecurity in other EU sector policies, like migration and home affairs (security of eID documents), the payment services directive (PSDII) or eGovernment (eGovernment action plan 2016-2020).
Didier, can you tell us a bit about your background and your career?
D.S: I will be brief and summarize my 25 years in this industry in just few lines. I was trained as an engineer, finishing up with a Master's in International Marketing some years ago. I started in the smart card industry in 1992 at Philips Smart Cards and Systems, which was later purchased by Oberthur. There I held various positions: Pre-Sales engineer, Product Marketing, Project Team management, Software Development, Head of Business Unit, Head of Corporate Communications. From there I moved to a small software company providing smart card test equipment and smart card operating systems, then to a leading POS terminal supplier before joining Safran Identity & Security.