T-Systems opens Common Criteria Evaluation Lab in Singapore
T-Systems is supporting Singapore’s Common Criteria (CC) Certificate Authorising Nation status with the launch of a new Common Criteria Evaluation Lab in Singapore.
Managing Director of T-Systems in Asia South, Arkadiusz Czopor said, “We foresee a high demand in CC Certification requirements driven by CSA initiatives in Singapore and around the region.”
He chats further with Enterprise IT News about his organisation’s work with the Cyber Security Agency (CSA).
EITN: How does T-Systems figure in CSA’s new Cybersecurity Strategy?
Czopor: As part of Singapore’s Cybersecurity Strategy, CSA has taken a security-by-design approach by evaluating devices and systems against an international standard, the Common Criteria.
Singapore has been Consuming Participant under the Common Criteria Recognition Arrangement (CCRA) since 2005, however, it was until mid-2016 when CSA commenced on the process to achieve the status of CC Certificate Authorising Nation.
T-Systems has been a consulting partner with CSA in this process to acquire this status by drawing on its experience with this standard as part of the work it does in Germany with its Common Criteria Evaluation Lab there for over 20 years.
EITN: In anticipation of the launch, what are the comments that you would have for this upcoming announcement by CSA? What is the scope involved?
Czopor: In combination with CSA’s new capabilities, this lab provides Singapore and the region with the ability to test devices against the international standard and certify it for an appropriate Evaluation Assurance Level (EAL).
As part of its efforts to support the local talent market, T-Systems has been involved in the hiring and training of fresh Singaporean graduates for the Singapore Common Criteria Evaluation Lab. These graduates are trained in the latest tools and techniques, and as part of T-Systems’ investment in their careers and local talent market. T-Systems has established an overseas skills development course for them at their Germany offices. This provides our Singapore talent with intensive hands-on learning and coaching, as well as allows for the transfer of skills and knowledge.
With CSA and T-Systems working together, Singapore will be equipped with the competencies and infrastructure to offer solution providers a cost competitive, efficient and reliable mean to obtain Common Criteria evaluation and certification. This also further cements Singapore in the region as an international hub and will build upon the nation’s reputation of implementing advanced technology that is safe and secure.
EITN: Being a non-local organisation, offering assistance in designing this framework, how does T-Systems cope?
Czopor: T-Systems has been offering its technical expertise and assistance to Singapore and CSA since Common Criteria was deemed a national focus.
T-Systems’ 500-700 square foot evaluation lab has purpose-built rooms for electrical, mechanical, and software testing. These will be used to evaluate devices and systems according to the seven Common Criteria EALs that describe the level at which they have satisfied functional security requirements.
At its opening, it will be able to evaluate and provide assurance up to EAL4, in excess of the internationally recognised level of EAL2. For more extreme cases, T-Systems’ Germany evaluation labs will provide assurance to the maximum EAL7 category.
EITN: Can you share some observations about regulatory challenges that this may pose to operations and strategy of your organisation?
Czopor: Singapore’s new CC Certificate Authorising Nation status provides it with an improved ability to input into decisions around how Common Criteria is enacted throughout the Common Criteria Recognition Arrangement.
By drawing on T-Systems’ experience in Germany, Singapore can ensure that with sound counsel and advice it can best represent its national issues in any dialog around Common Criteria changes, and how those may affect local regulations.