José Ruiz Gualda, Co-Director of jtsec, an Applus+ company, participated as a speaker at the 'AI and New Technologies' event organised by the Spanish economic newspaper Expansión (Spanish only) at the Zenit Studio in Madrid. Our expert discussed the importance of Laboratories Division’s cybersecurity certification services at an event that brought together high institutions of the Spanish Government, leading companies and key figures in Spain's technological sector.
Ruiz took part in the roundtable 'Blockchain, Cryptocurrencies, and Cybersecurity,' joining Alberto Redondo Sánchez, Chief Commander of the Criminal Cyberintelligence Group of the Judicial Police Technical Unit within the Spanish Civil Guard; José Javier Martínez Herraiz, Delegate of the Rector for Information Security at the University of Alcalá; José Ángel Fernández Freire, Executive President of Prosegur Crypto and Director of Innovation at Prosegur Cash; Alex Puig, CTO of Caelum Labs; and the moderator, Clara Ruiz de Gauna, Chief Editor of Expansión.
"At jtsec, we verify that what a manufacturer claims about their product is true. We measure cybersecurity levels of products," says Ruiz. He explains that, historically, only certain fields, like payment systems, identification documents, or Defence programmes, appreciated certifications in cybersecurity. "Everything has changed. You cannot sell to Administrations or bid for public tenders without cybersecurity assessments. Regulators have managed to integrate them into business, improving companies and products," he adds.
Ruiz considers that Spain is doing a "very good" job, viewing cybersecurity certifications as a competitive advantage, a differentiating factor in new markets and an entry barrier in more consolidated environments. He highlights a trend towards prevention. "That's what we do: prevent risks," comments the Co-Director of jtsec.
During the panel, topics included traceability in cryptocurrencies, the evolution of cybercrime, and the urgency for faster regulations. The sector faces two major challenges: raising society's awareness, which ought to be addressed in school, and attracting and retaining talent, as there are not as many people studying cybersecurity as needed. "It's a sector that will grow by a hundred. It is estimated that only 0.1% of products are currently being evaluated," highlights our expert.
For Ruiz, another significant challenge is how to maintain cybersecurity within the supply chain; both the US and the EU, with the CRA (Cyber Resilience Act), include requirements for SBOM (Software Bill of Materials) are included, listing the components that make up a software product to ensure they meet certain cybersecurity requirements. "The EU is making great strides in leading standardisation and legislation in cybersecurity, with regulations like CSA, EIDAS2, NIS2, ID digital Wallet, the Red Directive, and the CRA. The details are still being defined, but they will require certifications and testing by independent entities to demonstrate compliance with regulations," details the Applus+ expert.
The event, hosted by cybersecurity expert journalist Mónica Valle, featured Carme Artigas, Secretary of State for Digitalisation and Artificial Intelligence; Miguel Álava, General Manager of Amazon Web Services for Software Companies; Javier Martínez, Head of Customer Engineering at Google Cloud; and Chema Alonso, CDO of Telefónica. Companies such as PwC, Cepsa, Orange, BBVA, FCC, and Siemens were also present, addressing topics like generative AI, augmented reality, virtual reality, the Metaverse and new professions and challenges in HR arising from new technologies.