EU Proposes Legislation To Secure Connected Devices

European Commission President Ursula von der Leyen has announced introduction of an EU Cyber Resilience Act aimed at setting common cyber security standards for connected devices. 

The rapid spread of digital technologies “has been a great equaliser in the way power can be used today by rogue states or non-state groups to disrupt critical infrastructures such as public administration and hospitals.... given that resources are scarce, we have to bundle our forces. And we should not just be satisfied to address the cyber threat, we should also strive to become a leader in cyber security.” von der Leyen said.

As part of the EU's Cybersecurity Strategy, the Commission has also announced the intention to introduce rules to improve the cyber security of all connected products and associated services. The Internet of Things (IoT) in both consumer and industrial aspects, will be one of the future areas for cyber security certification pursuant to the existing 2019 EU Cybersecurity Act.

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.

The importance of this has been illustrated t by the Hackable Home, a project led by a lobbying group called Euroconsumers, which used ethical hacking methods to show most smart home devices lacked even basic cybersecurity standards. “We’ve been long advocating for this to ensure consumers’ safety across the EU.. If the Commission wants to become a leader in cyber security, it must work on a common EU approach to cyber threats that enables consumers trust in the IoT,” ” said Els Bruggeman, policy spokesman at  Euroconsumers

The Internet of Things promises an advanced environment where every object is intelligent and connected, but, are these devices really secure? What security risks do they pose, and how can businesses and individuals alike take advantage of IoT safely and securely?

Similar concerns on the need to define baseline cybersecurity requirements were also raised by DigitalEurope, the European digital industries trade association. In a recent report, the trade association warned that existing product safety regulations failed to set cyber security obligations for connected devices. While welcoming the Cyber Resilience Act, DigitalEurope director-general Cecilia Bonefeld-Dahl cautioned about the proliferation of EU proposals to regulate the cyber environment.

Besides the NIS2 directive, several proposals are on the table including a Directive on the resilience of critical entities, the more sectorial Digital Operational Resilience Directive, and several regulations on product safety.

Other proposals include creation of an  EU-wide Domain Name System (DNS). DNS are critical infrastructures for the global internet governance and are operated by a handful of non-European entities, which makes it difficult for EU countries to address large-scale cyber attacks or vulnerable to geopolitical tensions. 

Euractiv:      EU:      Digital Europe:       The Register:       Maddyness:     Image: Unsplash

You Might Also Read:

Connected Devices Must Be More Secure:

 

« US Intelligence Hackers Available For Hire
The CISO's Job Is Getting More Complex »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Alliance for Cyber Security

Alliance for Cyber Security

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Cyber Discovery

Cyber Discovery

Cyber Discovery, the UK Government's Cyber Schools Programme, is a learning programme designed to give young people the opportunity to learn the skills needed to enter the cyber security profession.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

Institute for Information Security & Privacy (IISP) - Georgia Tech

Institute for Information Security & Privacy (IISP) - Georgia Tech

The Institute for Information Security & Privacy (IISP) at Georgia Tech connects government, industry and academia to solve the grand challenges of cybersecurity.