EU Proposes Legislation To Secure Connected Devices

Uploaded on 2021-09-22 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Internet of Things

European Commission President Ursula von der Leyen has announced introduction of an EU Cyber Resilience Act aimed at setting common cyber security standards for connected devices. 

The rapid spread of digital technologies “has been a great equaliser in the way power can be used today by rogue states or non-state groups to disrupt critical infrastructures such as public administration and hospitals.... given that resources are scarce, we have to bundle our forces. And we should not just be satisfied to address the cyber threat, we should also strive to become a leader in cyber security.” von der Leyen said.

As part of the EU's Cybersecurity Strategy, the Commission has also announced the intention to introduce rules to improve the cyber security of all connected products and associated services. The Internet of Things (IoT) in both consumer and industrial aspects, will be one of the future areas for cyber security certification pursuant to the existing 2019 EU Cybersecurity Act.

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.

The importance of this has been illustrated t by the Hackable Home, a project led by a lobbying group called Euroconsumers, which used ethical hacking methods to show most smart home devices lacked even basic cybersecurity standards. “We’ve been long advocating for this to ensure consumers’ safety across the EU.. If the Commission wants to become a leader in cyber security, it must work on a common EU approach to cyber threats that enables consumers trust in the IoT,” ” said Els Bruggeman, policy spokesman at  Euroconsumers

The Internet of Things promises an advanced environment where every object is intelligent and connected, but, are these devices really secure? What security risks do they pose, and how can businesses and individuals alike take advantage of IoT safely and securely?

Similar concerns on the need to define baseline cybersecurity requirements were also raised by DigitalEurope, the European digital industries trade association. In a recent report, the trade association warned that existing product safety regulations failed to set cyber security obligations for connected devices. While welcoming the Cyber Resilience Act, DigitalEurope director-general Cecilia Bonefeld-Dahl cautioned about the proliferation of EU proposals to regulate the cyber environment.

Besides the NIS2 directive, several proposals are on the table including a Directive on the resilience of critical entities, the more sectorial Digital Operational Resilience Directive, and several regulations on product safety.

Other proposals include creation of an  EU-wide Domain Name System (DNS). DNS are critical infrastructures for the global internet governance and are operated by a handful of non-European entities, which makes it difficult for EU countries to address large-scale cyber attacks or vulnerable to geopolitical tensions. 

Euractiv:      EU:      Digital Europe:       The Register:       Maddyness:     Image: Unsplash

You Might Also Read:

Connected Devices Must Be More Secure:

 

« US Intelligence Hackers Available For Hire
The CISO's Job Is Getting More Complex »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

GFI Software

GFI Software

GFI Software works with System Administrators, IT Professionals and IT Executives to ensure that their IT infrastructures are monitored, managed, secured and compliant.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Ziroh Labs

Ziroh Labs

Ziroh Labs leverages advanced cryptography to keep your highly sensitive, private data safe throughout the lifecycle of data.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.