EU Proposes Legislation To Secure Connected Devices

European Commission President Ursula von der Leyen has announced introduction of an EU Cyber Resilience Act aimed at setting common cyber security standards for connected devices. 

The rapid spread of digital technologies “has been a great equaliser in the way power can be used today by rogue states or non-state groups to disrupt critical infrastructures such as public administration and hospitals.... given that resources are scarce, we have to bundle our forces. And we should not just be satisfied to address the cyber threat, we should also strive to become a leader in cyber security.” von der Leyen said.

As part of the EU's Cybersecurity Strategy, the Commission has also announced the intention to introduce rules to improve the cyber security of all connected products and associated services. The Internet of Things (IoT) in both consumer and industrial aspects, will be one of the future areas for cyber security certification pursuant to the existing 2019 EU Cybersecurity Act.

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society.

The importance of this has been illustrated t by the Hackable Home, a project led by a lobbying group called Euroconsumers, which used ethical hacking methods to show most smart home devices lacked even basic cybersecurity standards. “We’ve been long advocating for this to ensure consumers’ safety across the EU.. If the Commission wants to become a leader in cyber security, it must work on a common EU approach to cyber threats that enables consumers trust in the IoT,” ” said Els Bruggeman, policy spokesman at  Euroconsumers

The Internet of Things promises an advanced environment where every object is intelligent and connected, but, are these devices really secure? What security risks do they pose, and how can businesses and individuals alike take advantage of IoT safely and securely?

Similar concerns on the need to define baseline cybersecurity requirements were also raised by DigitalEurope, the European digital industries trade association. In a recent report, the trade association warned that existing product safety regulations failed to set cyber security obligations for connected devices. While welcoming the Cyber Resilience Act, DigitalEurope director-general Cecilia Bonefeld-Dahl cautioned about the proliferation of EU proposals to regulate the cyber environment.

Besides the NIS2 directive, several proposals are on the table including a Directive on the resilience of critical entities, the more sectorial Digital Operational Resilience Directive, and several regulations on product safety.

Other proposals include creation of an  EU-wide Domain Name System (DNS). DNS are critical infrastructures for the global internet governance and are operated by a handful of non-European entities, which makes it difficult for EU countries to address large-scale cyber attacks or vulnerable to geopolitical tensions. 

Euractiv:      EU:      Digital Europe:       The Register:       Maddyness:     Image: Unsplash

You Might Also Read:

Connected Devices Must Be More Secure:

 

« US Intelligence Hackers Available For Hire
The CISO's Job Is Getting More Complex »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

National Security Agency (NSA)

National Security Agency (NSA)

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Resilia

Resilia

RESILIA is a comprehensive portfolio of tools and training to help your organization achieve global best practice in cyber security.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.