EU Proposes Legislation To Secure Connected Devices

European Commission President Ursula von der Leyen has announced introduction of an EU Cyber Resilience Act aimed at setting common cyber security standards for connected devices. 

The rapid spread of digital technologies “has been a great equaliser in the way power can be used today by rogue states or non-state groups to disrupt critical infrastructures such as public administration and hospitals.... given that resources are scarce, we have to bundle our forces. And we should not just be satisfied to address the cyber threat, we should also strive to become a leader in cyber security.” von der Leyen said.

As part of the EU's Cybersecurity Strategy, the Commission has also announced the intention to introduce rules to improve the cyber security of all connected products and associated services. The Internet of Things (IoT) in both consumer and industrial aspects, will be one of the future areas for cyber security certification pursuant to the existing 2019 EU Cybersecurity Act.

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.

The importance of this has been illustrated t by the Hackable Home, a project led by a lobbying group called Euroconsumers, which used ethical hacking methods to show most smart home devices lacked even basic cybersecurity standards. “We’ve been long advocating for this to ensure consumers’ safety across the EU.. If the Commission wants to become a leader in cyber security, it must work on a common EU approach to cyber threats that enables consumers trust in the IoT,” ” said Els Bruggeman, policy spokesman at  Euroconsumers

The Internet of Things promises an advanced environment where every object is intelligent and connected, but, are these devices really secure? What security risks do they pose, and how can businesses and individuals alike take advantage of IoT safely and securely?

Similar concerns on the need to define baseline cybersecurity requirements were also raised by DigitalEurope, the European digital industries trade association. In a recent report, the trade association warned that existing product safety regulations failed to set cyber security obligations for connected devices. While welcoming the Cyber Resilience Act, DigitalEurope director-general Cecilia Bonefeld-Dahl cautioned about the proliferation of EU proposals to regulate the cyber environment.

Besides the NIS2 directive, several proposals are on the table including a Directive on the resilience of critical entities, the more sectorial Digital Operational Resilience Directive, and several regulations on product safety.

Other proposals include creation of an  EU-wide Domain Name System (DNS). DNS are critical infrastructures for the global internet governance and are operated by a handful of non-European entities, which makes it difficult for EU countries to address large-scale cyber attacks or vulnerable to geopolitical tensions. 

Euractiv:      EU:      Digital Europe:       The Register:       Maddyness:     Image: Unsplash

You Might Also Read:

Connected Devices Must Be More Secure:

 

« US Intelligence Hackers Available For Hire
The CISO's Job Is Getting More Complex »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

Radically Open Security

Radically Open Security

Radically Open Security is the world's first not-for-profit computer security consultancy company.

CounterFind

CounterFind

CounterFind is turnkey technology that allows brands to find and remove counterfeit and infringing merchandise from online marketplaces and social media sites.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Viria

Viria

Viria is an information and security technology solution provider that promotes digitalization in a secure way.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.