Düsseldorf/Germany, January 18, 2023 – The EU Commission’s Cyber Resilience Act (CRA) is intended to solve the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection. According to the European Union, there is currently a ransomware attack every eleven seconds; in the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier 1 automotive supplier, headquartered in Germany, were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, the regulation exposes them to significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed. “The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO of the cybersecurity company ONEKEY.
Fines of 15 million Euros – or 2.5 percent of annual revenues
The fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year, whichever is larger. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.
Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cybersecurity agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.
Manufacturers need to act now on cyber resilience readiness
The Commission’s proposal provides for the new requirements to be in force 24 months after the regulation takes effect. Individual elements, such as the obligation to report security incidents, should already apply after 12 months. “The time horizon is tight, considering that orders for IT products are already being placed with OEM manufacturers this year for the next 12-18 months. Therefore, the timing situation needs to be considered and resolved now, before a product ends up not being launched or delayed due to defects,” explains Jan Wendenburg of ONEKEY. The company operates a firmware analysis platform for spotting security vulnerabilities in smart and connected devices – from vacuum cleaner robots to industrial control systems worth millions. With a Cyber Resilience Readiness Assessment, ONEKEY offers manufacturers, distributors, and importers a way to check their products against essential requirements of the Cyber Resilience Act, to investigate security gaps, and to provide data content for the SBOM (Software Bill of Materials) required by the EU Commission.
ONEKEY is a leading European specialist for automated security & compliance analysis for manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, are using this platform today. For research institutions and non-profit organizations, the ONEKEY platform is available at discounted terms & conditions.
Further Information: ONEKEY GmbH, Sara Fortmann, E-Mail: sara.fortmann@onekey.com, Kaiserswerther Straße 45, 40477 Düsseldorf, Germany, Web: www.onekey.com