The imminent implementation of the Cyber Resilience Act (CRA-E) has raised numerous concerns for manufacturers and distributors of Smart Devices. Under this new EU law, companies will be held accountable for managing security risks and face substantial penalties, which can be incurred for missed deadlines. To address the issue of Cyber Resilience and the CRA-E, the CYBICS conference will take place on November 28, 2023. Titled “Compliance, Security, and Best Practices: the Cyber Resilience Act,” the conference is organized by the isits AG International School of IT Security in Frankfurt am Main, in collaboration with partners such as ONEKEY, the European Commission, Bureau Veritas, and CERT@VDE.
Manufacturers now responsible for secure operation of devices with digital elements
The Cyber Resilience Act for Electronics (CRA-E) marks a significant shift in responsibility by transferring the onus of ensuring the secure operation of devices with digital elements onto manufacturers. This new responsibility encompasses a wide range of mass-market products, including smartwatches, routers, access control systems, printers, and industrial control systems. While network operators will still be accountable for the security of their networks, manufacturers and distributors must comply with stricter regulations during the development and marketing phases. These regulations cover not only IT security measures but also processes and reporting requirements. The uncertainty surrounding the alignment with local authorities, in addition to EU legislation, is currently causing concern among businesses. However, it is crucial to avoid delays as the CRA-E will come into immediate effect once approved across all EU member states.
ONEKEY supports manufacturers in meeting CRA-E requirements
ONEKEY, a leading provider of automated product cybersecurity and compliance in Europe, offers manufacturers of smart devices and systems valuable support in meeting the upcoming requirements of the EU Commission’s Cyber Resilience Act. The company operates a highly automated analysis and management platform (PCCP) that is capable of detailed analysis and risk assessment of each software component of a device. This solution can assist manufacturers in meeting the CRA-E requirements and thereby avoid penalties and legal consequences.
CYBICS Conference: Addressing Industry Uncertainty in the Era of the CRA-E
The upcoming Cyber Resilience Act (CRA-E) is causing significant uncertainty in the industry, particularly regarding the utilization of open-source software in devices and their firmware. To address these concerns, the isits AG International School of IT Security will host a second CYBICS conference this year. The aim is to provide manufacturers with practical guidelines and assistance that align with their existing practices. This conference will be conducted in collaboration with esteemed partners such as CERT@VDE, EU Commission experts, and ONEKEY’s Cyber Resilience specialists.
The Cyber Resilience Act introduces stringent requirements for manufacturers and distributors of smart devices. By partnering with ONEKEY and attending the CYBICS conference, companies can ensure compliance with the CRA-E and protect themselves from penalties and legal consequences. It is crucial for businesses to familiarize themselves with the new laws and take appropriate measures to ensure cybersecurity.
