Electronic voting systems assessment

By | Elecciones, Elections, Electronic Vote, Voto electrónico | No Comments

Spanish Order ICT / 140/2019, of 14 February, which regulates the conditions for the exercise of electronic voting in the electoral process for the renewal of the plenary sessions of the Official Chambers of Commerce, Industry, Services and Navigation provides guidance for the deployment of electronic voting systems that must be auditable and audited.

In its article 9 (Audit of the electronic voting system) It indicates:

1. The electronic voting system shall have an audit and verification regime totally independent that allows to examine the processes used to gather and  count the votes and recount them, in order to confirm the accuracy  From the results.

2. The external audit system should, at a minimum, allow:

  • That the independent observers can supervise the elections without disclosing the possible result or final count.
  • Detect electoral fraud.
  • Give assurance that all votes counted are authentic and maintain the anonymity of the voter at all times.

3. This audit must assist both the testing phase of the system as a whole to the voting phase, counting and dissemination.

TCAB is a pioneer compliance assessment entity in providing audit services of electronic voting platforms.

Contact TCAB to request preliminary audits of electronic voting platforms and to support in the electoral processes that make use of this type of platforms.

TCAB is an expert in certificates and electronic signature and can assess compliance with all aspects required by the regulations.

Contact by calling 91 388 0789

TCAB participates in the event on the Cybersecurity Regulation organized by AMETIC

By | Acreditación, AMETIC, Auditoría, Centro Criptológico Nacional, Cyber-security, Cybersecurity, ENISA, EU Cybersecurity | No Comments

AMETIC, the Spanish ICT Business Association has organized an informative event on the new European regulation “Cybersecurity Act”, which from June 2019 will regulate the implementation of a common European framework for the certification of “Cybersecure” ICT products and services to promote cybersecurity of online services and consumer devices.

This European regulation not only seeks to increase the confidence of users in relation to the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a reference worldwide, in line with other markets such as the United States or China. The European Union Agency for Network and Information Security (ENISA), which through this regulation will be named as the new European Agency for Cybersecurity, will coordinate and harmonize policies at European level, and will support Member States in the implementation of plans and national strategies in the fight against threats and cybersecurity attacks.

Antonio Cimorra, director of Information Technologies and Digital Agenda of AMETIC, highlighted during the opening of the session the advances that the digital transformation has introduced in society, as well as the importance of ensuring cybersecurity. He also commented on the measures that, from AMETIC, and particularly from the Cybersecurity Commission where important suppliers of this technology meet, are being developed in this field. Cimorra also highlighted the association’s support for the new European initiative.

Later, Ignacio Pina, Technical Director of the National Accreditation Entity (ENAC), explained that, “although the regulation will not be mandatory at the beginning, as far as certification is concerned, it is spected that the market will regulate itself fostering its adoption “. Pina added that “certification in itself does not generate security, but rather seeks to build trust among consumers”. In this regard, he commented that “the transition between current national certification schemes in force and the new common European framework will be gradual”. On the other hand, he stressed that “the role of the industry in defining the certification schemes that derive from this regulation, is essential for them to be aligned with market needs.”

Implications of “Cybersecurity Act”

Next, Cybersecutity focused round table was held witht the motto “How does the Cybersecurity Act impact on companies in the digital sector ?”.

Round table was presented by David González, president of the AMETIC Cybersecurity Commission and Head of Sales for Europe and North Africa of G & D. The participants were Mariano José Benito, CISO of GMV; Jesús María Alonso, Head of Consulting Spain of ATOS; Ainhoa ​​Inza, CEO of TCAB (Trust Conformity Assessment Body), and Miguel Bañón, CEO of EPOCHE & ESPRI.

They discussed the implications of the certification regulation for the activity of companies in the digital sector, and the following steps to address in this new scenario.

In general, the participants commented that it is a very positive initiative since, despite being a voluntary regulation for the time being, it is expected that its impact on the market will increase the number of certified secure ICT products in a significant way. They also highlighted that, for Spain, it is an opportunity for consolidation at the European level in terms of cybersecurity, taking advantage of the fact that the Spanish certification ecosystem is among the best considered in Europe.

On the other hand, it has been highlighted that, since there is no penalties framework within the regulation, it is important for companies to detect the benefit of certification, such as the impact on the consumer in terms of trustworthiness. They have also commented that the objective of this initiative is that consumers “get used” to verify that those ICT products or services that they buy or consume, carry the seal of safety certification.

Finally, the presentation by the expert representative of the National Cryptological Center (CCN), an entity that currently coordinates the work of certification in cybersecurity at the national level, addressed how the new Scheme will be adopted in Spain. CCN has coincided with other speakers in the great opportunity that “Cybersecurity Act” supposes for the European and Spanish cybersecurity industry when it comes to positioning Europe in line with other markets.

AMETIC Elections

By | AMETIC, Elecciones, Elections | No Comments

AMETIC celebrates its Electoral General Assembly, on November 7, 2018 in the CEOE´s Sala José María Cuevas  C/Diego de León, 50 CP. 28006 Madrid.

Trust Conformity Assessment Body presents its candidacy to represent the segment of SMEs and micro-SMEs in the AMETIC board of Directors.

Trust Conformity Assessment Body is an innovative SME security specialist that audits electronic signature systems, blockchain and security and interoperability schemes and is accredited by ENAC to evaluate qualified electronic trust service providers  in the framework of the EIDAS (Regulation UE 910/2014).

The wide knowledge of technical standards and legal environment that we possess is usually useful for our clients and we think  it can also be for the board of Directors of our association.

Being an SME, we know the challenges and difficulties of companies of this size, and we think that we can help to sensitize the management bodies of the association andother stakeholders on the importance of SMEs in the productive fabric of the country and on the Policies necessary for these companies to be able to develop and grow in a profitable way.

This is our first video as candidate:

TCAB candidacy in AMETIC elections

The sixth edition of the ENISA NCSS seminar will take place on September 18th

By | NCSS | No Comments

On September 18th, 2018, the sixth edition of the seminar “ENISA NCSS” on national cybersecurity strategies in Helsinki (Finland) will take place.

The event, which has been jointly organized by the Finnish Telecommunications Regulatory Authority (FICORA) and ENISA, will have as its central theme the development, implementation and evaluation of national cybersecurity strategies (NCSS, in its acronym in English). The creation of National, European and Sectorial Information Sharing and Analysis Centres (ISACs) will also be addressed. In addition, there will be various discussion forums  in which representatives of the public and private sectors will be able to present their ideas on national cybersecurity strategies and will share best practices for the creation of ISACs.

Audience at ENISA NCSS

The audience that will attend this seminar are, mainly, those actors involved in the development and implementation of national cybersecurity strategies and the people involved in the creation of ISACs such as sector regulators and national supervisory authorities; legislators and national authorities; private sector and universities.

Activities at ENISA NCSS

Early in the morning, the opening ceremony will be held by the General Secretary of the Finnish Security Committee, Vesa Valtonen. Next, Pentti Olin, member of the Committee of Security, will expose  the national strategy of security implemented by Finland to the assistants.

Later on, the first working session will take place, with a focus on the dissemination of the updates in the national strategies included in the NIS technical standard. Several countries, including Luxembourg, will join this session, which will be closed with a panel discussion.

In the second session, celebrated in the afternoon, the different National, European and Sectorial Information Sharing and Analysis Centres (ISACs) will be analyzed. As in the previous session, a discussion panel will take place at the end of the presentations.

If you wish to take a look at the agenda, please click here.

Practical information on ENISA NCSS

Date: September 18th, 2018

Venue: Dynamicum, Erik Palménin aukio1, Helsinki (Finland).

If you want more information about the event, click here.