EU Proposes Legislation To Secure Connected Devices

European Commission President Ursula von der Leyen has announced the introduction of an EU Cyber Resilience Act aimed at setting common cyber security standards for connected devices.

The rapid spread of digital technologies “has been a great equaliser in the way power can be used today by rogue states or non-state groups to disrupt critical infrastructures such as public administration and hospitals ... given that resources are scarce, we have to bundle our forces. And we should not just be satisfied to address the cyber threat, we should also strive to become a leader in cyber security,” von der Leyen said.

As part of the EU's Cybersecurity Strategy, the Commission has also announced its intention to introduce rules to improve the cyber security of all connected products and associated services. The Internet of Things (IoT), in both its consumer and industrial aspects, will be one of the future areas for cyber security certification pursuant to the existing 2019 EU Cybersecurity Act.

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.

The importance of this has been illustrated by the Hackable Home, a project led by a lobbying group called Euroconsumers, which used ethical hacking methods to show that most smart home devices lacked even basic cybersecurity standards. “We’ve been long advocating for this to ensure consumers’ safety across the EU. If the Commission wants to become a leader in cyber security, it must work on a common EU approach to cyber threats that enables consumers’ trust in the IoT,” said Els Bruggeman, policy spokesman at Euroconsumers.

The Internet of Things promises an advanced environment where every object is intelligent and connected, but are these devices really secure? What security risks do they pose, and how can businesses and individuals alike take advantage of IoT safely and securely?

Similar concerns on the need to define baseline cybersecurity requirements were also raised by DigitalEurope, the European digital industries trade association. In a recent report, the trade association warned that existing product safety regulations failed to set cyber security obligations for connected devices. While welcoming the Cyber Resilience Act, DigitalEurope director-general Cecilia Bonefeld-Dahl cautioned about the proliferation of EU proposals to regulate the cyber environment.

Besides the NIS2 directive, several proposals are on the table including a Directive on the resilience of critical entities, the more sectorial Digital Operational Resilience Directive, and several regulations on product safety.

Other proposals include the creation of an EU-wide Domain Name System (DNS). DNS services are critical infrastructure for global internet governance and are operated by a handful of non-European entities, which makes it difficult for EU countries to address large-scale cyber attacks and leaves them vulnerable to geopolitical tensions.

Sources: Euractiv, EU, Digital Europe, The Register, Maddyness. Image: Unsplash
