WIBU-SYSTEMS

Strengthening Cybersecurity Standards in the EU

Marketing, WIBU-SYSTEMS AG, on November 25, 2024 at 3:56 PM

Robot vacuums, of all things, are the latest IoT devices to be exploited by cyber criminals. Apparently, robot vacuums have been reported moving around people’s homes while screaming profanities through the onboard speakers. The company’s software was later found to be vulnerable to intrusion. This story comes on the heels of additional reports of vulnerabilities found in other IoT products like Internet-connected garage doors, alarms, cameras, and other smart home products.

According to data from Check Point Software, cyberattacks on IoT devices have been increasing across the globe, with Europe suffering the most attacks, averaging almost 70 such attacks per organization every week. And it is not just consumer IoT products being targeted. Digital transformation in industry has introduced significant risks and vulnerabilities as well. Cyberattacks, data leaks, and security incidents increasingly threaten the integrity and operational capabilities of businesses and institutions.

In response to these and other cybersecurity events, the European Union has introduced the Cyber Resilience Act (CRA) – a regulation that fundamentally redefines cybersecurity for products with digital elements (PDEs).

The CRA aims to strengthen cybersecurity standards in the EU and will require companies to take robust measures to ensure the safety of digital products sold in Europe. Whether it's software, hardware, or cloud-based services – all companies that bring digital products to the European market or use them must prepare for extensive regulations. The Cyber Resilience Act demonstrates the European Union’s dedication to fortifying cybersecurity measures, fostering a secure digital environment for all stakeholders involved.

The Act will apply to software developers, manufacturers of embedded systems and IoT devices, and resellers of such products. Software developers will be required to ensure an appropriate level of cybersecurity and compliance with the Cyber Resilience Act. These requirements include:

  • Software must be developed in a manner that guarantees a level of cybersecurity by implementing security measures and best practices throughout the software development lifecycle.
  • Products must be delivered with a secure-by-default configuration and users should be able to reset the product to its original secure state, if necessary.
  • Software should incorporate control mechanisms to prevent unauthorized access.
  • Software should process only the data that is necessary and relevant to the intended use of the product.
  • Software should be designed to protect the availability of essential functions and to minimize any negative impact on the availability of services provided by other devices or networks.
  • Vulnerabilities should be addressed through security updates. Users should be notified of available updates to ensure the continued security of the software product.

When the Regulation goes into effect, software and products connected to the Internet must comply with the new standards to maintain their CE mark. With manufacturers and retailers required to prioritize cybersecurity, customers and businesses would be more confident in the cybersecurity credentials of CE-marked products.

The Cyber Resilience Act is planned for adoption and enforcement between 2025 and 2027, with manufacturers required to ensure compliance for products placed on the Union market by the end of 2027. In the ensuing years, formal audits and assessments are likely to begin, particularly for businesses that manufacture or distribute digital products in the EU. Non-compliance after this point could result in penalties, including fines and restrictions on product sales.

In an increasingly connected world where cyber threats are omnipresent, companies must fundamentally rethink their cybersecurity strategy. The CRA is a turning point – it demands a shift in mindset and proactive action from all involved. As a result, companies face higher demands and the need to fully implement and document these requirements. As a company dedicated to the security of digital assets, Wibu-Systems is well positioned to help developers plan for and meet the new cybersecurity requirements. Our CodeMeter technology already offers many functions to help meet these requirements:

  • Protection against tampering with software and updates
  • Trustworthiness of software, updates and data
  • IP protection of data (e.g. control parameters, personal data, …)
  • Control and transparency about distribution channels of products
  • Authentication and traceability of identities (persons and devices: Who are you and can I trust you?)
  • Authorizations and traceability of identities (persons and devices: Which roles and rights do you have?)

For further assistance, you can download our CRA Compliance Guide or attend our upcoming webinar on 9-10 December, where we will help decision-makers in business, IT, and corporate management understand how the CRA affects their operations, which security measures are mandatory, and what consequences loom if these requirements are not met.
