Anticipating the Cyber Resilience Act: A Must for IoT Manufacturers


The Cyber Resilience Act (CRA) is a new European regulation aimed at strengthening the security of connected objects. Although the date on which it takes effect is not yet known, IoT manufacturers and providers must begin anticipating the CRA now in order to develop secure hardware products. The CRA promotes security by default (security by design) through the integration of encryption and authentication practices, as well as security keys. New connected objects must be designed so that their security is guaranteed from the outset.

For connected objects already deployed in the field, however, security will have to come through software updates. IoT manufacturers and providers therefore encourage their customers to maintain good visibility of the objects already in place and of their environment, so that their security level can be assessed. Software updates are one way to secure connected objects already deployed in the field, but they also bring costs and require a change of mindset for IoT actors.

The security of connected objects must also be explained to end users, so that they properly understand security practices. According to Alexandre Chaverot, CEO of the French connected object manufacturer Avidsen, education is essential to securing connected objects. If security is built in by design, it is transparent to the user; if, on the other hand, it is perceived as a constraint, it will not be accepted. User education is therefore the second pillar of the CRA.

Anticipating the Cyber Resilience Act

The advantage of this security lies in “increasing the life of equipment by maintenance,” notes Stéphane Henry, business line general manager at the Lacroix Group. For Avidsen, security has become a commercial argument for establishing itself in the market. For many, the CRA is an opportunity to remind companies that all of them are concerned by cybersecurity and must accept that they are vulnerable.

The CRA broadens the scope of IoT security, but specific standards for industrial and consumer objects already exist. Industrial products are already subject to dedicated security standards, and the ETSI standard EN 303 645 applies to connected objects intended for consumers. For IoT actors, the CRA is therefore a reminder of practices they should already be implementing.

The main advice from the actors interviewed is to educate end users. It is also essential to take security into account from the design stage of connected objects, to achieve security by design. Cybersecurity projects must be launched now, even before the texts apply, because security is a long cycle: according to Michele Sartori, engineer at Quarkslab, a cybersecurity project requires at least “between six months and a year of work.”


In summary, the CRA is a new European regulation aimed at strengthening the security of connected objects. It promotes security by default (security by design) through the integration of encryption and authentication practices, as well as security keys. For IoT manufacturers and providers it will become essential, even though it does not take effect immediately. IoT actors encourage their customers to maintain good visibility of the objects already in place and of their environment, so that their security level can be assessed. User education is essential to securing connected objects, and cybersecurity projects must be launched now, even before the texts apply.
