CYBICS Conference on the EU Cyber Resilience Act: Industry wants to be on the safe side
Experts from BSI, BOSCH, VOITH, VDE summarize requirements and measures and call on all manufacturers to take immediate action
Frankfurt / Duesseldorf, May 11, 2023 – There was considerable interest among the participants of the seventh CYBICS conference on the challenges of IT security. IT managers, CIOs, IT experts and other specialists and executives met at the House of Logistics and Mobility (HOLM) in Frankfurt for the first specialist conference on the EU Commission’s Cyber Resilience Act. Under the title „Compliance, Security and Best Practices: the Cyber Resilience Act“, leading IT thinkers spoke about the various aspects that manufacturers, importers and also users of IT devices with network access will face in the future. A joint panel discussion highlighted the multi-faceted nature of the industry’s need for answers: „The Cyber Resilience Act is a paradigm shift in regulatory requirements for product cybersecurity that leaves little time for industry to implement. Rather than placing a significant portion of the responsibility on the user, the onus is now on the manufacturer or importer to ensure the cybersecurity of their products. With the conference program, we were able to provide significant help in understanding the challenge, as well as guidance on how all stakeholders can benefit in the future and how the value chain around IT assets can be securely mapped,“ says CYBICS speaker Jan Wendenburg, CEO of cybersecurity company ONEKEY.
CRA sets course for the future
The CYBICS speakers illuminated the topic from different perspectives. After an introduction and international classification, speakers included an IT law expert, a representative of the German Federal Office for Information Security (BSI), company representatives from BOSCH and VOITH, and a speaker from CERT@VDE, the certification body of the Association for Electrical, Electronic & Information Technologies. In summary, it was noted that the CRA is setting the course for the coming decades of IT asset security – from small devices to industrial control systems in production. Industry must prepare early to avoid the trap of penalties for non-compliance. The central theme of the conference was product cybersecurity of IoT/ICS/OT from a regulatory perspective: „It was extremely helpful to see from best practices how the CRA can definitely be used to the industry’s advantage. The impressive live hacking session showed how high the risk really is at the moment,“ says Birgitte Baardseth, executive board of the organizer isits AG.
Live hacking of an industrial control system
In the interactive live hacking session, Quentin Kaiser, cybersecurity researcher and professional white hacker, showed how vulnerable IoT and ICS control systems have been to date. Again, the CRA is particularly critical: For plant controls (SCADA), CNC controls, smart meters, and robotics applications, the commission wants to require third-party audits. „The real vulnerability of an industry is the attack on control systems in production. This is where we at ONEKEY come in with our automated analysis & monitoring systems, uncovering vulnerabilities and compliance violations in device software that go all the way to critical zero-day vulnerabilities, often making them a more-than-acute threat. Through automated analysis, companies can quickly and easily achieve significant improvements in the short term,“ adds ONEKEY CEO Jan Wendenburg.
Continuation in autumn already planned
Due to the extraordinary success of the seventh CYBICS conference in April, ONEKEY’s cybersecurity experts and the organizer, the International School of IT Security (isits), have already begun planning for the next conference to be held this fall. The next CYBICS conference will bring together top IT experts and industry thought leaders to discuss the challenges of the Cyber Resilience Act and present practical solutions for the industry. Given the rising threats and urgent need for increased IT security, this conference will be an important platform for knowledge sharing and collaboration to build resilience to cyber attacks. More details on the content and location will be announced in the coming months.
ONEKEY is a leading European specialist in product cybersecurity. The unique combination of an automated security & compliance software analysis platform and consulting services by cybersecurity experts provides fast, comprehensive analysis, and solutions in the area of IoT/OT product cybersecurity. Building upon automatically generated „Digital Twins“ and „Software Bill of Materials (SBOM)“ of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time, and can thus be remediated in a targeted manner. The easy-to-integrate solution enables manufacturers, distributors, and users of IoT technology to quickly and continuously perform 24/7 security and compliance audits throughout the product lifecycle. Leading international companies in Asia, Europe, and America are already successfully benefiting from the ONEKEY platform and experts.
Further information: ONEKEY GmbH, Sara Fortmann, e-mail: sara.fortmann@onekey.com, Kaiserswerther Straße 45, 40477 Duesseldorf, Germany, web: www.onekey.com