Domain Name System Security Extensions (DNSSEC) standards: an analysis of uptake in the EU

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of adoption of DNSSEC in Q1 2023 across EU Member States and globally. The report also presents an analysis of the usage of DNS resolvers in the EU and globally. Overall, the average DNSSEC validation rate in the EU is still low (46.3%), but is superior to the global one (31.4%)JRC.T.2 - Cybersecurity and Digital Technologie

Mutually Agreed Norms for Routing Security (MANRS): an analysis of uptake in the EU

The actions proposed by the Mutually Agreed Norms for Routing Security (MANRS) initiative aim to strengthen the security of the global Internet routing system, thus improving the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of routing standards, including MANRS actions, in Q3 2022 across EU Member States, as well as globally. The analysis of the level of uptake of routing standards has been carried out using publicly available data. Our findings demonstrate that the level of adoption of MANRS actions is similar to the previous measurement period (Q1 2022), showing that EU-based network operators have a very high average degree of MANRS readiness while, on the other hand, the uptake of MANRS from Internet Exchange Points is low.JRC.T.2 - Cybersecurity and Digital Technologie

Mutually Agreed Norms for Routing Security (MANRS): an analysis of uptake in the EU

The actions proposed by the Mutually Agreed Norms for Routing Security (MANRS) initiative aim to strengthen the security of the global Internet routing system, thus improving the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of routing standards, including MANRS actions, in Q1 2023 across EU Member States, as well as globally. The analysis of the level of uptake of routing standards has been carried out using publicly available data. In our results we observed a compliance rate of over 97% for compulsory actions for network operators.JRC.T.2 - Cybersecurity and Digital Technologie

Domain Name System Security Extensions (DNSSEC) standards: an analysis of uptake in the EU

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of adoption of DNSSEC in Q3 2022 across EU Member States and globally. The report also presents an analysis of the usage of DNS resolvers in the EU and globally. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with a medium degree of users validating DNSSEC-signed responses in the order of 30 to 40%.JRC.T.2 - Cybersecurity and Digital Technologie

Web communication standards: an analysis of uptake in the EU

The broad deployment of Hypertext Transfer Protocol (HTTP)-related standards (such as, HTTPS, HTTP/3 and HTTP security response headers) is imperative for ensuring the interoperability, security, scalability and stability of the Internet. This report studies the adoption rate of modern HTTP-related technologies, namely HTTP Secure (HTTPS), the latest version of HTTP, i.e., HTTP/3, and HTTP Strict Transport Security (HSTS) response header in Q3 2022 across EU Member States, as well as globally. The analysis of the level of uptake of web communication standards has been carried out using publicly available data. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with HTTPS having high adoption rates, whereas HTTP/3 and HSTS still showing low uptake.JRC.T.2 - Cybersecurity and Digital Technologie

IPv6 standard: an analysis of uptake in the EU

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q1 2023 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6. Our findings show that the level of adoption of IPv6 is similar to the previous measurement period (Q1 2022), with end-user adoption reaching 30% and server-side 14% in the EU.JRC.T.2 - Cybersecurity and Digital Technologie

Web communication standards: an analysis of uptake in the EU - March 2023

The broad deployment of Hypertext Transfer Protocol (HTTP)-related standards (such as, HTTPS, HTTP/3 and HTTP security response headers) is imperative for ensuring the interoperability, security, scalability and stability of the Internet. This report studies the adoption rate of modern HTTP-related technologies, namely HTTP Secure (HTTPS), the latest version of HTTP, i.e., HTTP/3, and HTTP Strict Transport Security (HSTS) response header in Q1 2023 across EU Member States, as well as globally. The analysis of the level of uptake of web communication standards has been carried out using publicly available data, as well as data collected from measurements conducted by the European Commission’s Joint Research Centre.JRC.T.2 - Cybersecurity and Digital Technologie

IPv6 standard: an analysis of uptake in the EU

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q3 2022 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6. Our findings show that the level of adoption of IPv6 is similar to the previous measurement period (Q1 2022), with end-user adoption reaching 30% and server-side 14% in the EU. These adoption rates are low, especially on the server-side, considering also that IPv4 addresses have already been depleted.JRC.T.2 - Cybersecurity and Digital Technologie

Email communication security standards: an analysis of uptake in the EU

Ensuring the interoperability and security of email communications is one of the cornerstones of a resilient and open Internet. In this context, the wide adoption of key Internet security standards, such as StartTLS, SPF, DKIM, DMARC, DANE and DNSSEC, is essential for a safe cyberspace for everyone. This report assesses the level of uptake of the above set of standards in Q3 2022 across EU Member States, comparing it to the global status. The analysis uses data from publicly available data sources and assessment tools, as well as from measurements conducted by the European Commission’s Joint Research Centre. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with StartTLS, SPF and DKIM having high adoption rates, DMARC following with medium adoption, and DANE with DNSSEC showing low, close to zero uptake.JRC.T.2 - Cybersecurity and Digital Technologie

Cyber Resilience Act Requirements Standards Mapping

The increasing number of cyberattacks affecting digital products, coupled with widespread vulnerabilities and insufficient timely security updates, creates heavy financial burdens on society. In response, the European Commission has drafted the Cyber Resilience Act (CRA), a new proposal for regulation to define the legislative framework of essential cybersecurity requirements that manufacturers must meet when placing any product with digital elements on the internal market. To facilitate adoption of the CRA provisions, these requirements need to be translated into the form of harmonised standards, with which manufacturers can comply. In support of the standardisation effort, this study attempt to identify the most relevant existing cybersecurity standards for each CRA requirement, analyses the coverage already offered on the intended scope of the requirement and highlights possible gaps to be addressed.JRC.T.2 - Cybersecurity and Digital Technologie