News
3-4.04.2025
SECURE International Summit
SECURE International Summit
The SECURE International Summit will be held on 3–4 April 2025 in Bydgoszcz, Poland, bringing together cybersecurity experts. This year, the event is an official part of the Polish Presidency of the Council of the European Union. Given the growing threats, cooperation in this field is becoming essential. Cybersecurity is one of the presidency’s priorities in the digital domain, with a key objective of creating a coherent model for responding to major cybersecurity incidents.
As part of the conference, the Director of the Standardisation and Certification Centre of NASK-PIB, Paweł Kostkiewicz, will lead a panel discussion titled “How to Build EU Cyber Resilience – What the Cyber Resilience Act Is Bringing Us.”
The event will also feature discussions on cybersecurity challenges related to the development of artificial intelligence and disinformation. The agenda includes talks on strengthening civil-military cooperation on digital threats, implementing regulations to enhance cyber resilience (the Cyber Resilience Act), and simplifying obligations under multiple cybersecurity laws.
The conference is intended for cybersecurity professionals in management, technical, and legal fields, as well as experts responsible for cybersecurity in public institutions and private companies.
The SECURE International Summit will be held on 3–4 April 2025 in Bydgoszcz, Poland, bringing together cybersecurity experts. This year, the event is an official part of the Polish Presidency of the Council of the European Union. Given the growing threats, cooperation in this field is becoming essential. Cybersecurity is one of the presidency’s priorities in the digital domain, with a key objective of creating a coherent model for responding to major cybersecurity incidents.
As part of the conference, the Director of the Standardisation and Certification Centre of NASK-PIB, Paweł Kostkiewicz, will lead a panel discussion titled “How to Build EU Cyber Resilience – What the Cyber Resilience Act Is Bringing Us.”
The event will also feature discussions on cybersecurity challenges related to the development of artificial intelligence and disinformation. The agenda includes talks on strengthening civil-military cooperation on digital threats, implementing regulations to enhance cyber resilience (the Cyber Resilience Act), and simplifying obligations under multiple cybersecurity laws.
The conference is intended for cybersecurity professionals in management, technical, and legal fields, as well as experts responsible for cybersecurity in public institutions and private companies.
Let’s be SECURE!
For more information, visit the event website: Secure 2025
03.04.2025
“Cybersecurity in Public Procurement” Conference
On 3rd April 2025, a conference entitled “Cybersecurity in Public Procurement” will be held, offering participants an opportunity to expand their knowledge and skills in e-procurement and IT tools used in public procurement processes.
One of the presentations, titled “Securing the Public Procurement Supply Chain in Light of Polish and EU Cybersecurity Regulations,” will be delivered by NASK experts: Legal Counsel Monika Bratek-Charzyńska and Head of the Compliance Assessment Team of the Certification Body, Krzysztof Teresiński.
Key challenges in data protection and securing procurement processes against cyber threats will be discussed in accordance with current national and EU regulations. The conference will also provide an opportunity to reflect on the current state of procurement regulations in cybersecurity—do they need to be revised to better address the growing threats in the digital world?
For more information, visit: Konferencja “Cyberbezpieczeństwo w zamówieniach publicznych”, 3 kwietnia 2025 r.
One of the presentations, titled “Securing the Public Procurement Supply Chain in Light of Polish and EU Cybersecurity Regulations,” will be delivered by NASK experts: Legal Counsel Monika Bratek-Charzyńska and Head of the Compliance Assessment Team of the Certification Body, Krzysztof Teresiński.
Key challenges in data protection and securing procurement processes against cyber threats will be discussed in accordance with current national and EU regulations. The conference will also provide an opportunity to reflect on the current state of procurement regulations in cybersecurity—do they need to be revised to better address the growing threats in the digital world?
For more information, visit: Konferencja “Cyberbezpieczeństwo w zamówieniach publicznych”, 3 kwietnia 2025 r.
08.05.2025
Workshop on “AI security standards: a step forward in the evaluation and AI governance”
NASK, together with the Ministry of Digital Affairs of Poland, is hosting the workshop “AI Security Standards: A Step Forward in the Evaluation and AI Governance” on May 8, 2025.
10-14.03.2025
Cybersecurity Certification Week
Cybersecurity Certification Week (CCW) will be held in Warsaw from March 10-14 under the patronage of ENISA, the EU Cybersecurity Agency.
This is the next edition of the annual conference, organized this time in Warsaw with the support of the Polish Presidency and the European Commission.
The conference will mark the first anniversary of the publication of the European Cybersecurity Certification Program based on the Common Citeria (EUCC), as well as discuss the following topics:
This is the next edition of the annual conference, organized this time in Warsaw with the support of the Polish Presidency and the European Commission.
The conference will mark the first anniversary of the publication of the European Cybersecurity Certification Program based on the Common Citeria (EUCC), as well as discuss the following topics:
- eIDAS and EUDI portfolio cyber security certification;
- Interactions with other EU regulations: CRA (Cyber Resilience Act), EU Cyber Solidarity Act, NIS Directive 2;
- EUCC implementation challenges;
- Risk management through EU cybersecurity certification.
Cyber Security Certification Week includes the following meetings:
A meeting of the ECCG (European Cybersecurity Certification Group), a permanent group of cybersecurity certification experts from member states, established by national cybersecurity certification authorities. The ECCG advises the Commission on the planning of certification programs, reviews candidate programs, issues opinions and assists the Commission in implementing these programs.
ECCG subgroups – ECCG (European Cybersecurity Certfication Group) subgroups deal with specialized topics arising from certification programs or the Cybersecurity Act. They are composed of experts from member states. The current subgroups deal with the maintenance of the EUCC program.
Ad hoc ENISA groups – ENISA (European Union Cybersecurity Agency) consisting of external experts (usually representatives of member states and the private sector) to address a specific issue (e.g., preparation of a candidate program) or to support ENISA in a specific task (e.g., promotion of certification or market research).
A meeting of the ECCG (European Cybersecurity Certification Group), a permanent group of cybersecurity certification experts from member states, established by national cybersecurity certification authorities. The ECCG advises the Commission on the planning of certification programs, reviews candidate programs, issues opinions and assists the Commission in implementing these programs.
ECCG subgroups – ECCG (European Cybersecurity Certfication Group) subgroups deal with specialized topics arising from certification programs or the Cybersecurity Act. They are composed of experts from member states. The current subgroups deal with the maintenance of the EUCC program.
Ad hoc ENISA groups – ENISA (European Union Cybersecurity Agency) consisting of external experts (usually representatives of member states and the private sector) to address a specific issue (e.g., preparation of a candidate program) or to support ENISA in a specific task (e.g., promotion of certification or market research).
23.10.2024
Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements, amending Regulations (EU) 168/2013 and (EU) 2019/1020, and Directive (EU) 2020/1828 (Cyber Resilience Act), has been published in the Official Journal of the European Union. The CRA regulation will be applied as of 11 December 2027. The regulation will apply directly in all EU countries.
The Cyber Resilience Act (CRA) describes the cybersecurity requirements for hardware and software with digital components marketed in the European Union. Digital hardware and software are one of the main avenues for successful cyberattacks. In a connected environment, a cybersecurity incident in one product can affect an entire organization or supply chain, often spreading beyond the borders of the internal market within minutes. Product cybersecurity has a particularly strong cross-border dimension, as products manufactured in one country are often used by organizations and consumers throughout the internal market.
The regulation establishes a uniform legal framework to ensure that hardware and software are designed, developed, and maintained with robust cybersecurity measures throughout their life cycle. The CRA requires manufacturers to comply with basic cybersecurity requirements, conduct risk assessments, and ensure security updates, thus supporting a safer digital environment across the EU.
13.08.2024
NIST published three new FIPS standards on Post-Quantum Cryptography:
21.05.2024
At the headquarters of NASK, two certificates for SimplySign and BiocertiX products were officially awarded.
The event was attended by representatives from Asseco Data Systems, Xtension, Samsung Electronics Polska, as well as from ITSEF and the Certification Body.
17.04.2024
Our CB Manager, Mr. Paweł Kostkiewicz, took part in an interesting debate on the cybersecurity of AI-based technologies, which was organized as part of the Secure 2024 conference..