Imagine being denied entry to a foreign country because the electronic chip in your travel document is considered vulnerable and you would have to request a visa before traveling there? Because travel documents usually have a 10-year validity, this is a valid concern and is the reason why we consider micro-controllers (often called chips) in secure documents to be high value components.
As one of the most basic instances of the advanced IT solutions available in the industry, secure software embedded in ePassports and keeping them safe from their Cyberattacks are the object of deep concern and attention, especially with the increased adoption of digital ID, often derived from a secure electronic document such as a passport.
Cybersecurity is an ever-evolving concern. Setting up a secure identity document project relying on highly certified products is a necessary practice but not sufficient for protecting identities from future Cyberattacks. Active monitoring and anticipation of Cyber threats is critical to protect sensitive assets. Such threats include eavesdropping, cloning, or extracting highly confidential fingerprints from the electronic chip.
Decades of security progress have been framing an always-improving environment focused on a single objective: defining and maintaining a Cybersecurity framework to deploy secure embedded solutions in electronic ID documents.
The next step is to look beyond Cybersecurity and focus on Cyber resilience, which refers to an entity's ability to continuously deliver protection, despite adverse events. This combines information security, business continuity, and organizational resilience. This is particularly relevant for governmental programs, who should continue to issue secure identity documents to their citizens at any point in time.
Concretely, the future Cybersecurity of ID documents like ePassports depends on the ability to update, in the field, the secure embedded software (for example algorithms used for the various security mechanisms) protecting the data stored in the chip – with no need to issue a new document.