CLR Labs and CNPP: A New Alliance for the Cybersecurity of Connected Solutions

In this interview, Stéfane Mouille, Director of Cabinet Louis Reynaud, and Ronan Jezequel, Director of Development and Innovation at CNPP, explain the motivations and objectives of the recently established partnership between CLR Labs and CNPP.

The goal ? To conduct robustness tests against digital attacks on all connected security solutions. 

This collaboration will allow industrial companies to be supported in their developments related to cybersecurity applied to security technologies, in a regulatory context that is constantly evolving. 

Thanks to their complementary expertise, CLR Labs and CNPP bring the ability to innovate and adapt to all types of vulnerabilities, for more effective and reliable evaluations. 

Ronan Jezequel – Over the past few years, CNPP has developed tests to evaluate cybersecurity and resistance to digital attacks on all current connected security solutions. 

The objective of this partnership is to extend and update our test methods applied currently within the framework of ongoing regulatory developments. 

We chose CLR Labs as a partner because they are both specialists with full recognition at the highest level for their capabilities in performing cybersecurity tests, and their technological interests are very close to ours, with specialities in security including access control and biometrics.

Stefane Mouille – In addition to Ronan’s comments, we are very pleased to work with CNPP, which is internationally recognised in fire protection and alarm systems. 

Indeed, our structure also allows us to bring responsiveness and technical expertise to CNPP in the context of cybersecurity evaluations on high-risk products, which also allows for a complementary approach between CNPP and CLR Labs. 

Ronan Jezequel -  This partnership will enable us to improve the way we conduct these evaluations. Simply because, in addition to being able to conduct evaluations according to the existing base that has already been defined, CLR Labs has a particular capacity for innovation and adaptation to all types of vulnerabilities, which will allow us to go even further with test methods leading to potential product certifications. 

Stéfane Mouille -  Indeed, we have cybersecurity testing methodologies. Cybersecurity is a field that evolves quickly. 

It is often the game of cat and mouse, between the attacker and the person who implements protections to make cybersecurity counter-measures. And thanks to CNPP’s evaluation methodologies adapted to the level of security required by the products that enter the scope of evaluation, we are well positioned to perform tests and to prepare evolutions, notably to take account of diverse and varied threats.

Ronan Jezequel -  If we speak purely from a technical evaluation perspective, all products currently covered by our certifications and including this cybersecurity layer will benefit. 

We are talking about alarm control panels for intrusion detection, also video surveillance cameras or connected locks. All security and safety solutions today are subject to these tests and will benefit from this collaboration. 

More broadly, one can say that all our product certification services and also service certifications that will rely on cybersecurity regulatory developments will benefit from the partnership we have established. 

Stéfane Mouille - First of all, we work at the European level, monitoring regulatory developments across all cybersecurity topics, which is a field in full expansion, beginning with the NIS Directive (Network and Information Systems) several years ago, moving to NIS 2, the Cyber Resilience Act (CRA), etc. 

And then we work on the standardisation side, which complements the European regulatory side, and we provide this regulatory watch support to CNPP, which will enable Ronan to carry out tests. 

Ronan Jezequel – What we are going to do is collect information and feed on these regulatory developments to evolve the base reference documents, supporting our product and service certifications, mainly the Cyber Resilience Act and its application standards for the product side. 

We will increment our test methods so that tomorrow, conformity to our methods means regulatory conformity. And regarding the NIS 2 Directive, we will evolve our installation and deployment reference documents for security systems so that our certified installers can offer assurances of NIS 2 compliance for their clients. 

Ronan Jezequel -  In general terms, this partnership impacts us in risk management in two ways. First, it will help us strengthen our reference documents for technical evaluation of products and help us update them in view of a regulatory context in full evolution. 

And it will also strengthen our capacity to develop, innovate and produce new references, new tests to cover security and safety products in the face of tomorrow’s challenges. 

One can speak for example of artificial intelligence, which has an increasingly large place in the functioning of security and safety products and that we must be able to evaluate. 

Stéfane Mouille – And we bring this part of technical expertise in the cybersecurity field, which is a world in full evolution, while retaining the evaluation procedures and methodologies defined by CNPP. And therefore in terms of risk analysis, it allows cyber risk to be covered in the world of physical protection and in the protection of buildings and people in full coherence. 

We are merging two different worlds: the digital world and the physical world, security, safety and cybersecurity, and we can do it in a completely harmonious way. 

Ronan Jezequel – CNPP and CLR Labs have therefore found each other to define a common future based on the cybersecurity evaluation of security and safety solutions. 

Stéfane Mouille –  It’s when the South meets Normandy.