Guardians of (Cyber) Security: DEKRA’s Pioneering Role in the CUSTODES Project
Authors: Dr. Jasmin Cosic, Antonio Vizcaíno, Marga Martin Sanchez
Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the granting authority can be held responsible for them.
CUSTODES receives funding from the European Union Horizon Europe programme under Grant Agreement Nº101120684.
DEKRA Facts and Figures
DEKRA was founded in 1925 in Berlin (Germany) with the aim to ensure road safety through vehicle testing. Today, DEKRA is the world's largest independent, non-listed expert organization in the field of Testing, Inspection and Certification. As a global provider of comprehensive services and solutions, DEKRA helps customers to improve their safety, security, and sustainability outcomes. Today DEKRA has around 49.000 employees in over 60 countries on 6 continents.
One of the most important pillars of DEKRA is R&D and Innovation. DEKRA actively participates in national and international projects, both independently and in collaboration with leading universities and relevant companies across key sectors such as cybersecurity, artificial intelligence (AI), and connected and autonomous cars among others.
DEKRA's Role in R&D Projects and SDOs
- DEKRA actively participates in the CUSTODES Project with a primary focus, as a Conformity Assessment Organization, on the CUSTODES system’s cybersecurity evaluation and validation activities.
- DEKRA contributes by publishing high-value scientific papers and in dissemination activities, such as participating in conferences and key events.
- DEKRA has a proven record of contributions to standardization and certification organizations including ENISA (EUCC, EUCS and EU5G), ETSI CYBER (EN 303 645 and EN 103 732) and CEN/CENELEC (JTC13/WG8 and WG9).
- DEKRA also regularly participates as speakers and panelists in global conferences including EUCA (European Union Cybersecurity Acts) and ICCC (International Common Criteria Conference), introducing topics related to the adoption of new security certification schemes such as EUCC, MDSCERT, RED-DA, etc., both from a laboratory (ITSEF) and a certification body (CB) perspective.
- DEKRA also carries out regular marketing and technical initiatives to promote our activities and share information with both the public and experts about the most recent developments. One recent example is the “Cybersecurity Conference” organized by DEKRA in October 2024, featuring panel discussions on many relevant topics and the participation of experts from DEKRA as well as external partners and collaborators.
DEKRA is therefore in the right position to disseminate the results of the CUSTODES project in conferences, seminars, and workshops, leveraging our participation in the project, our experience in the area and our position as worldwide recognized experts to ensure impactful dissemination of the main CUSTODES outcomes.
Scientific contribution
DEKRA’s recent scientific contributions, focused on cybersecurity certification and resilience in composite systems, were presented by Dr. Jasmin Ćosić. At IEEE ICE 2023 in Madeira, DEKRA introduced advancements in certifying interconnected systems within the CUSTODES Project. At IEEE CSR in London, DEKRA also discussed security-by-design practices aligning with upcoming EU Cyber Resilience Act requirements. These efforts emphasize DEKRA's role in shaping resilient, compliant systems aligned with EU regulations, particularly through the CUSTODES initiative.
IEEE ICE 2024, Madeira, Portugal
- DEKRA’s research focused on composite systems, which consist of multiple, interconnected subsystems. These complex structures pose unique challenges for security and certification. Their work, titled “Deciphering Cyber-Security Certifications: An Ontological Journey through Composite Systems and their Certification,” explores creating an ontological framework. This model aids in clarifying and mapping the relationships and dependencies within composite systems, which is essential to certify their cybersecurity integrity efficiently. The certification methodologies within the CUSTODES Project aim to enhance security at every layer, ensuring the certification not only meets technical standards but also adapts to cybersecurity requirements under EU regulatory standards like ENISA’s Cybersecurity Act (CSA).
IEEE CSR 2024 Conference, London, England
- Here, DEKRA published the paper “Strengthening Cybersecurity Certifications Through Robust Chain of Custody Practices.” This research emphasizes "security-by-design," which builds resilience directly into the architecture of composite systems by extending the concept with the Chain of Custody framework, which is mostly used and known only in the digital forensics domain. It aligns with the upcoming EU Cyber Resilience Act (CRA), which will require new, stringent standards for products with digital elements. DEKRA's research particularly focused on implementing a Chain of Custody for cybersecurity. This approach involves tracking and verifying each component of a composite system to strengthen trust and resilience against evolving threats, ensuring clients' systems are secure and compliant with these forthcoming EU standards.
DEKRA's Role as ITSEF
DEKRA has been an ITSEF for Common Criteria for almost 20 years. This continuous role as a worldwide reference in security evaluation has enabled us to gain experience in the assessment of different types of products (TOEs), including network devices, 5G network equipment, operating systems, etc. Many of these evaluations are based on the concept of composition, e.g. reusing the certificate of a component in the evaluation of the full system, or evaluating several Protection Profile modules as components of a complex system or product. We are therefore excited to collaborate in CUSTODES WP5 as the party responsible for system evaluation and validation. We will contribute our experience and vision to assess the Composite Inspection and Certification (CIC) System through the execution of pilots related to real use case scenarios. Our previous experience in the evaluation of composite TOEs and 5G network equipment will be crucial to achieving the objectives of the project.
Through the CUSTODES Project, DEKRA demonstrates its leadership in setting (cyber)security and safety standards in the digital world. By collaborating with top European entities, DEKRA is not only advancing safety and security, but also paving the way for the development of resilient infrastructures that can withstand the evolving digital landscape. For more information, visit the CUSTODES Project website.