Cybersecurity certification is a core notion to support the mitigation of cybersecurity risks of Information and Communication Technologies (ICT). At the European Union (EU) level, the Cybersecurity Act establishes a common cybersecurity certification framework supporting the coexistence of different certification schemes across Member States. However, its realization needs to be sustained by technical approaches to enable ICT stakeholders from different sectors or countries to exchange cybersecurity information and evaluate the up-to-date security level of an ICT system throughout their lifecycle. Toward this end, we propose a blockchain-based platform using a novel interledger design, where ledgers associated with ICT artifacts, cybersecurity certificates, and vulnerabilities are interconnected. The main purpose is to leverage the advantages of blockchain in terms of distributed trust, transparency, and accountability, while at the same time coping with scalability, performance, and interoperability requirements. We analyze the impact of our platform in the current EU legislation and provide insights for its deployment.
- Cybersecurity Certification