Duesseldorf, March 21, 2023 – For manufacturers, importers and distributors of devices and equipment with digital elements – any product that contains a microchip – a common theme is currently emerging: the challenge of complying in the future with the EU Commission’s new law, the Cyber Resilience Act (CRA). The isits AG International School of IT Security, together with industry partners, invites to the first specialist conference on the Cyber Resilience Act. CYBICS 2023, now in its seventh year, will be held under the title “Compliance, Security and Best Practices: the Cyber Resilience Act” and will be organized together with partners such as product cybersecurity specialist ONEKEY, TÜV Rheinland and hardware manufacturer utimaco. “The CRA sets the course for the coming decades in the security of IT assets in the coming decades – from small devices to industrial control systems in production. This requires a major paradigm shift in the process, new mechanisms must be created and the industry must set its own standards to avoid falling into the trap of penalties for breaches. With the conference, we provide an overview and concrete assistance for companies along the entire value chain of IT devices of all kinds,” says Birgitte Baardseth, executive board of the organizer isits AG.
Cybersecurity of IoT/ICS/OT
The conference with prominent speakers from the security and IT industry will provide a comprehensive overview of the compliance requirements of the new EU Cyber Resilience Act. One of the key topics will be the product cybersecurity of IoT/ICS/OT devices and equipment seen from a regulatory perspective. Expert presentations and a panel discussion will provide an in-depth understanding of the CRA requirements and provide concrete guidance on solutions. Speakers include experienced IT legal experts, a representative from the German Federal Office for Information Security (BSI), a company representative from Bosch, a speaker from CERT@VDE, the certification body in the German Association of Engineers in Electrical, Electronic & Information Technologies, and the CEO of a leading IoT security technology vendor. Jan Wendenburg, CEO of ONEKEY, will provide an introduction to the topic. ONEKEY is one of the leading European platforms for automated product cybersecurity & compliance analysis and can fully automatically detect possible CRA violations in software and propose solutions within minutes.
Live hacking exposes serious security vulnerabilities
“The Cyber Resilience Act is valuable in protecting businesses and their ability to create value, as well as protecting home users, but it requires a number of measures to be concerted among manufacturers, importers and distributors. Due diligence and reporting requirements are strict, and third parties product components are also subject to the CRA. Timely preparation and implementation are necessary to avoid products taking much longer to reach the market in the future,” advises CYBICS speaker Jan Wendenburg. His company, which specializes in IoT security analysis of industrial plants and IoT devices, recently presented a comprehensive written guide to this end, summarizing the essential measures for industry and practical advice on how to implement them, which can be requested here. To demonstrate the ease of a modern cyber-attack on industrial communication and control systems, a live hacking session by internationally renowned white hacker Quentin Kaiser will demonstrate during the seventh CYBICS how quickly modern devices and plant control systems can become a threat.
The full conference programme and agenda, including all speakers, can be found at this link: https://www.cybics.de/programm.html.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management. The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
Integrated compliance checking already covers the upcoming EU Cyber Resilience Act and existing requirements according to IEC62443-4-2, EN303645, UNR155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150