Selected Papers in Security Studies: Volume 9 Common Criteria Meets Realpolitik Trust, Alliances, and Potential Betrayal

Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationships is trust. A question raised in this paper is how far trust can be maintained in Common Criteria when additional signatories enter with conflicting geopolitical interests to earlier signatories. Other issues raised are control over production, the lack of permanent organization in the Common Criteria, which leads to concerns of being able to oversee the actual compliance. As Common Criteria is formulated today it is unlikely that it would survive over time. The reasons why it might fail are the rigid framework, rapid technical development makes a security target a moving target leading to instability and uncertainty, and the increased militarization in cyberspace moving from information assurance to information operations.