The EU Commission is on the verge of passing the EU Cyber Resilience Act (CRA-E) as a European law, shifting the responsibility for product cybersecurity from users to manufacturers. Under this new act, all manufacturers of smart products will be obligated to ensure that their products are free from any known vulnerabilities before being released to the market. To educate stakeholders about the implications of the CRA-E, the International School of IT Security (ISITS AG) is organizing the CYBICS 2023 conference, focusing on compliance, security, and best practices related to the Cyber Resilience Act. Partners such as ONEKEY, the leading provider of Product Cybersecurity & Compliance Management in Europe, Bureau Veritas, the certification authority, CERT@VDE, and representatives from the European Commission will be present at the event.
CYBICS Conference: Addressing Cybersecurity Challenges in IoT/ICS/OT Devices
The CYBICS Conference provides a comprehensive overview of the current situation in the field of CRA-E, along with practical guidance and best practice models. It focuses particularly on the product cybersecurity of IoT/ICS/OT devices and systems. The increasing digitization and interconnectedness have raised the risk potential in this area. With more machines incorporating chips and software, new security requirements must be met. Unauthorized access to the software of such machines and systems can lead to severe malfunctions, production failures, and machine downtime. Therefore, building cyber resilience is crucial in the entire IoT and OT industry.
ONEKEY’s Platform Supports Manufacturers in Meeting CRA-E Requirements
ONEKEY, as a partner of the CYBICS Conference, offers a pioneering Product Cybersecurity & Compliance Platform (PCCP) that provides automated support to manufacturers of smart devices and systems in meeting the upcoming requirements of the EU Cyber Resilience Act (CRA-E). Leveraging AI-based technology, ONEKEY’s platform identifies critical security vulnerabilities and compliance violations in device firmware within minutes, without requiring access to source code, devices, or networks. With features such as “Software Bill of Materials (SBOM)” creation and “Digital Cyber Twins,” the platform enables proactive verification of software supply chains and automated 24/7 cybersecurity monitoring throughout the product lifecycle.
EU Cyber Resilience Act: Prepare for Changes in Product Development and Liability
The EU Cyber Resilience Act, expected to come into effect in early 2024, will apply to all European countries. Manufacturers must prepare for changes in product development, manufacturing, and usage. The Act introduces strict reporting deadlines for the discovery of vulnerabilities and holds manufacturers and distributors accountable for digital weaknesses. It is crucial for companies to act swiftly to minimize liability risks. Both industrial buyers and IoT and OT industry management must prepare for the upcoming requirements. A thorough cyber risk analysis and visibility of digital components are essential to ensure product cybersecurity. The CYBICS conference provides valuable information and support in this regard.
The CYBICS Conference 2023 provides a unique opportunity for attendees to gain insights into the EU Cyber Resilience Act and discover concrete solutions for product cybersecurity. With ONEKEY as a partner, manufacturers of smart systems and devices can benefit from automated support in meeting the requirements of the CRA-E. It is crucial for companies to act swiftly and prepare for the implementation of the CRA-E in order to minimize liability risks and ensure compliance.
