CCLab’s report on ICCC 2024, Qatar

This year, CCLab sponsored the opening reception of the International Common Criteria Conference (ICCC) in Qatar. Like in previous years, CCLab experts were present during the event meeting the most important stakeholders of Common Criteria. The ICCC is a highly prestigious professional event now in its 23^rd year. It provides opportunities for networking and various forums to discuss CC policy and development. It is aimed at participants involved in the specification, development, evaluation, certification, and validation of IT security products and systems. Similar to previous years, this year’s certificates were also distributed at the ICCC, where Sponsors could receive them. Some of the certificates were accepted by colleagues attending the event on behalf of our clients.

This prestigious conference brings Certification Bodies, laboratories, experts, policymakers, and product developers who work in IT security specification, development, evaluation, and certification. The most recent event was held in Doha, Qatar, where our CEO, Mr. Ferenc Molnár, our Head of Compliance, Dr. Katalin Szűcs, and Mr. Levente Cseh, our Sales Manager represented CCLab from October 4th to November 6th.

This year’s conference focused on key themes in cybersecurity, including advances in certification methods and AI integration in security systems. Topics included advances in using Common Criteria and the EUCC to address customer requirements and expand the CC into emerging fields. Attendees explored recent updates from certification schemes and ITCs and discussed the landscape of cybersecurity certification schemes. These sessions emphasized global collaboration to enhance security standards and meet evolving regulatory and technical demands. 

This year was special for the CCLab, as we were the main sponsor of the ICCC Opening Reception, where Mr. Levente Cseh delivered the opening speech. 

As in previous years, certificates issued over the past year were presented and handed over to the Sponsors this year. Representatives of various national schemes awarded these certificates to their clients and laboratories. During the ceremony in Qatar, OCSI representatives presented the certificate to our client Veritas. Certificates for other CCLab clients who were not present, including Versa, Tresorit, Sophos, i4P Trident, eTugra, and Opswat, were officially received on their behalf by Mr. Ferenc Molnár and Mr. Levente Cseh of CCLab.

‍

‍

We asked Mr. Levente Cseh to tell us about this year's conference:

1. What were the key takeaways from the conference that could shape the future of CCLab? 

The ICCC offered an exceptional opportunity to connect with international government officials, industrial leaders, and partners. These interactions can help CCLab build stronger partnerships, gain insights into global trends, and enhance its reputation as a cybersecurity laboratory.

Sessions on national and international technical community innovations and changes provided a glimpse into emerging technologies and methodologies and what is yet to come regarding EUCC. CCLab can integrate these innovations, and information into its service offerings, ensuring agility and competitiveness in cybersecurity evaluations.

2. The industry has experienced significant changes this year, and 2025 promises to bring even more transformations. Could you share your insights on what to expect?

The European Cybersecurity Certification Scheme for ICT products (EUCC) is gradually replacing the traditional CC scheme under the EU Cybersecurity Act. This change will harmonize evaluation processes across EU member states, addressing inconsistencies and reducing fragmentation. By 2025, the EUCC scheme is expected to be fully operational. This will standardize certification procedures across Europe and increase certification portability within the EU, simplifying market access for vendors targeting multiple EU countries.

As industries adopt IoT, AI, and cloud computing technologies, CC evaluations have expanded to include these domains. This has pushed for updates to Common Criteria Protection Profiles (PPs) and the introduction of new ones tailored to these technologies.

The increased emphasis on cybersecurity due to high-profile breaches has led to tighter integration of standards like ISO 27001, ETSI EN 303 645, and others with CC evaluations.

Let us remember that the Radio Equipment Directive (RED) extension with cybersecurity evaluations is also set to take off in August next year requiring wireless devices to comply with stricter cybersecurity measures. These involve manufacturers must ensure their products comply with

• Protection against network harm.
• Safeguarding user privacy.
• Prevention of fraud.

Products in the scope of RED (e.g., IoT devices, wearables, and smart home equipment) now require compliance demonstrations through testing or certifications aligned with cybersecurity standards like ETSI EN 303 645 or EN18031-1, -2, -3.
RED mandates include ensuring seamless interoperability and secure software updates, emphasizing post-market surveillance and lifecycle management.

3. How will these changes influence the cybersecurity landscape, and what impact will they have on CCLab specifically?

The ongoing and upcoming changes, particularly around the EU Cybersecurity Certification Scheme (EUCC) and the Radio Equipment Directive (RED), will have implications for the industry and CCLab. Both EUCC and RED require manufacturers to comply with stricter cybersecurity regulations, including lifecycle management, secure software updates, and data protection. The EUCC will harmonize certification processes across Europe, reducing inconsistencies but will also require manufacturers to update their processes to meet unified standards. This at the same time means a broader scope of products, with RED incorporating cybersecurity and EUCC addressing emerging technologies, the regulatory scope now includes IoT devices, AI systems, critical infrastructure, and software-defined products. Manufacturers and developers must count on additional compliance costs, such as enhanced testing, documentation, and certification processes.

With the EUCC fully operational in 2025 and RED expanding its cybersecurity scope, demand for testing and evaluation services will rise significantly. 

4. How is CCLab addressing these changes, what is their impact on ongoing projects, and how will CCLab's services evolve in 2025?

CCLab, as an accredited testing laboratory, will play a crucial role in certifying products under the EUCC framework and conducting cybersecurity evaluations for devices within the RED scope, including IoT and radio equipment.

CCLab will need to adapt to EUCC harmonization, ensuring processes meet the unified standards. Additional investments may be required in training, infrastructure, and tools to accommodate new testing methodologies introduced under RED. As the EUCC and RED become critical for market access, CCLab’s accreditation under multiple schemes positions it as a go-to lab for high-quality, comprehensive evaluations. 

‍

5. Was the event successful in fostering productive meetings and meaningful discussions?

Definitely. Although this was my first ICCC participation, it exceeded my expectations in terms of networking, knowledge sharing, and discussions. The event provided a platform to engage with key stakeholders from the Common Criteria (CC) community, including certification bodies, evaluation labs, and industry leaders. Several productive meetings were held, focusing on the transition to the EUCC framework, upcoming regulatory challenges, and collaborative opportunities for addressing emerging cybersecurity needs. These discussions not only enhanced my understanding of industry trends but also opened avenues for potential partnerships and projects.

The conference also highlighted best practices and innovations in evaluation methodologies, which will be instrumental in adapting to the evolving certification landscape. 

CCLab's active participation in the conference strengthened partnerships, completed this year’s CC evaluation projects, and engaged with industry professionals, highlighting its commitment to leading in cybersecurity advancements. As the industry continues to evolve, CCLab remains adaptable and ready for growth, demonstrating its dedication to delivering efficient and effective evaluation services. The future presents promising opportunities for CCLab in a rapidly changing cybersecurity landscape.

‍