Duesseldorf / Frankfurt am Main, September 21st, 2023 – The pressure is on: the EU Commission will soon pass the EU Cyber Resilience Act (CRA-E) into European law. This will massively shift the responsibility for product cybersecurity from the user – whether a company or an individual – to the manufacturer or distributor. In the future, any manufacturer of smart products will have to ensure that they are placed on the market without any known security vulnerabilities. The International School of IT Security (ISITS AG), together with partners from the industry, invites you to a German-language expert conference on the EU Cyber Resilience Act. The 8th CYBICS 2023 takes place for the second time under the theme “Compliance, Security and Best Practice: the Cyber Resilience Act”. It will be held together with partners such as Europe’s leading provider of Product Cybersecurity & Compliance Management ONEKEY, certification body Bureau Veritas, CERT@VDE and, for the first time, representatives of the European Commission. “The first CYBICS on CRA generated a tremendous response and it quickly became clear that we needed to provide more information on this massive paradigm shift triggered by CRA and follow up with another conference later this year,” said Birgitte Baardseth, International School of IT Security.
Industrial facilities must become safe
The conference with top-class speakers will not only provide an overview of the current situation in the field of CRA-E, but will also offer concrete guidelines and best practice models. The main focus will be on the product cybersecurity of IoT/ICS/OT devices and equipment, as the risk potential has increased even further due to ongoing digitalisation and networking. Industrial machines contain more and more chips & software, i.e. digital elements that pose new security challenges: Can someone from the outside access the software and thus the machine, or even make changes to the programming? “Unauthorised access to machine and system software can lead to malfunctions and, in the worst case, production downtime. Cyber resilience is therefore one of the most important protective measures that we need to build up in the IoT and OT industry as a whole,” said Jan Wendenburg, CEO of event partner ONEKEY. His company is one of the pioneers in the field of cyber resilience and operates a Product Cybersecurity & Compliance Platform (PCCP) that provides essential and automated support for manufacturers of smart devices and equipment to meet the upcoming requirements of the EU Commission’s Cyber Resilience Act.
Fast implementation is needed
The EU Cyber Resilience Act is expected to come into force in early 2024 and will apply to all European countries with the typical transition period. The CRA will affect product development, manufacturing, and the period of use. As a first step, it will introduce strict notification deadlines that manufacturers must comply with when vulnerabilities are discovered; in a second step, manufacturers and distributors will then be definitively liable for vulnerabilities in digital elements. Product cybersecurity is therefore a matter of urgency, especially as “CRA readiness” will become even more important in the coming months for industrial buyers who want to be on the safe side. Management in the IoT and OT industries must also react quickly to minimise the risk of liability, because for the first time, CEOs, board members and supervisory board members are also at direct risk of liability. “Those who are not now working on making the digital components of their products visible through a Software Bill of Materials (SBOM) and subjecting them to a detailed cyber risk analysis are acting more than negligently,” warned Jan Wendenburg, CEO of ONEKEY and partner of the 8th CYBICS Conference.