ETSI Conference: European Telecommunications Standards Institute, Antibes (by Katerina Mavrona)

 For the specialist community interested in cybersecurity standardization in Europe, visiting Sophia Antipolis, home to the European Telecommunications Standards Institute, better known as ETSI, is something of a rite of passage. Set among rolling, pine-clad hills overlooking the Mediterranean, the sublime location of this leading European technology park hardly hints at the highly technical work taking place within it.

Founded in the early 1970s as a science and knowledge centre, Sophia Antipolis took its name from the ancient Greek Antipolis trading post, the predecessor of modern-day Antibes, located along the Côte d’Azur’s historic maritime routes. Its architects leaned into this lineage, shaping the technopole as a space where technology, innovation and commerce could meet. Today it hosts around 2,500 companies and organisations across sectors from biotechnology and fintech to cybersecurity. Its strong ICT and telecommunications orientation, already emerging in the late 1980s, invited the positioning of ETSI’s headquarters here.

ETSI itself was established following a European Commission proposal in a 1987 landmark green paper, at the time anticipating the role information, exchanges of knowledge and communications would come to play in an increasingly interconnected world. The creation of common standards would make sure that Europe could keep pace with its international peers and secure access to global markets. ETSI’s mission today still reflects those ideas, as a European Standards Organization (ESO) with a membership open to ICT industry and expert communities from across the world. Members of this global community convened last October at Sophia Antipolis for the ETSI Security Conference 2025, which I also attended as a PhD researcher studying the geopolitics of international cybersecurity standardization.

This year’s conference brought together experts and industry representatives to discuss the latest developments in the global cybersecurity landscape with an emphasis on emerging technologies including generative AI and LLMs, as well as the state of security standardization across numerous domains. From 6G networks to consumer verticals and IoT or discussions on the cyber skills gap, the scope of the conference was broad enough to offer a comprehensive understanding of the state of the field, reaching beyond participants’ distinct areas of specialization.

As a first-time attendee of a non-technical background, I approached the conference proceedings largely in an observer role.  Alongside presentations on the state of play across varied domains, I centred on two distinct but interrelated features of the conference’s organization and its thematic direction, which held particular relevance for my own research.

The first was the in-practice interpretation of ETSI’s foundational principle of openness and global orientation, as witnessed on the ground. I had the opportunity to attend a genuinely diverse set of presentations from representatives across a wide spectrum of stakeholders, ranging from powerful industry actors to up-and-coming SMEs. I was also able to discuss with delegates from what was indeed a wide geographical spectrum, and note their interest and considerations in standardization processes, including their European variant. Finally, the correspondence between ETSI’s core principles and staff and other participants’ emphasis on signalling openness and an inclusive posture toward outsiders, interested parties, and potential members was an interesting observation.

A second point of interest was the presentations and discussions on the new ETSI work streams connected to the EU Cyber Resilience Act (CRA) of 2024. The CRA is a regulation introduced as part of the EU’s expanding cybersecurity legal toolkit, setting cybersecurity requirements for products with digital elements placed on the EU market. ETSI has currently been tasked, via formal standardization requests extended by the European Commission, with the development of vertical standards providing presumption of conformity with CRA requirements.

Interestingly, there was a notable degree of resonance in how adherence to openness, touched upon above, finds its application in this new work stream, with the EU engaging with and inviting third-country representatives, industry, and experts to generate cybersecurity governance benchmarks using the instrument of international standardization. Some of these observations were only made accessible through direct participation, offering a grounded perspective on these evolving dynamics and underscoring the value of on-site engagement.

 




 

Comments

Post a Comment

Popular posts from this blog

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin...
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se...
Read more

The Artificial Intelligence Monster: Nicola Bates

Image
Christopher Booker in 2004 wrote of the seven basic plots to any story, one of these being ‘overcoming the monster’. Within Hollywood, such ‘monsters’ often reflects the zeitgeist balancing commercial requirements with the political and societal preoccupations of the age. The monster evolves over time - from Russia in the Cold War years through to lone actors and terrorists and now to seemingly shadowy figures controlling intelligence. Whilst generally lighter in tone, such monsters also exist within children’s cinema. In recent years this monster has become increasingly defined by their use of highly sophisticated technology, finally becoming the technology in ‘The Mitchells vs. the Machine’*. Lethal technology and subversive machines aren’t new concepts in children’s movies. They can, for example, be found in ‘Short Circuit’ back in 1986. This movie begins with five United States military robots in a training exercise against tanks and focusses upon one of the robots becoming ‘alive’...
Read more