May 17, 2023

“Right now, we start a new era!”

Javier Bores is the newly elected co-chair of the Working Group Certification. He is also the head of the cybersecurity lab at the Spanish company Software Quality Systems (SQS), the first approved IDS Evaluation Facility for components, where he has been a verification and evaluation scientist since 2010. We sat down with him to hear about the path to trusted data sharing and certification.

Trust forms the bedrock of collaborations, whether in business or personal life. It becomes even more crucial when companies engage in data sharing. Data connectors within data spaces play a vital role in ensuring secure and sovereign data exchange. As an IDS Evaluation Facility, SQS is responsible for verifying whether a data connector meets rigorous IDS criteria encompassing functionality, security, interoperability, and performance.

The path to certification has been prepared and is still supported by the IDSA Working Group Certification. This group of about 30 members who set the criteria tested by SQS.

Help to prepare for certification

Javier Bores acts as a bridge between SQS and the Working Group Certification, informing the working group on how companies can better prepare and go better informed into an evaluation. One of the tasks of the working group is to get that information to applicants. If both, documentation and the software of the product itself, are well-defined, the evaluation can be completed in 7–8 weeks. Then the company receives their evaluation report.

During the process, SQS informs the developer or manufacturer of every activity. If, for example, the documentation needs more work, the missing information can be updated. “You can report a new version, and we can revisit the topic or task in the middle of the evaluation.” If something fails in the software solution, that is harder to solve in this two-month period. The company might have to request a reevaluation. But now the company knows what has to be done, and can work on correcting it right away.

Getting to the market quickly

The first connector certification process already began. “Now we are moving from theory to practice,” Bores explains. The criteria were developed in theory, and now in the certification process the connector is tested in practice. SQS works closely together with the working group to figure out where the criteria need adjustment. What needs to be mandatory, what should be an option? What works best to get the product to the market quickly? The framework and timeline must be workable.

Cooperation between science and industry

Bores comes with a different perspective than Monika Kamhuber, researcher at Fraunhofer Institute for Applied and Integrated Security AISEC and the second co-chair of the working group. “We complement each other with our different points of view.” Kamhuber is more involved in research and development, which shapes her view of certification, whereas Bores comes from a background of working closely with the industry. “I have the business or market perspective about what verifications and validation authentication implies.” A well-coordinated cooperation between science and industry is the goal.

But “we miss more players from the market, from business, from the industry in the working group,” Bores states. They are going to be the engine, the stakeholders that drive the working group and therefore the development. “Because in the end, you must maximize your resources: your engineers, your equipment and so on.”

SQS has four more candidates waiting for certification. A lot of knowledge will be brought back to the working group to make the concept of certification a high-value product for the market.  After all, “data is moving the next revolution of the industry”, Bores emphasizes. It comes down to how to move the data, transfer the data and trust the data that you receive. It is the start of a new era!

Stay updated with us