Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

EU Wants to Toughen Cybersecurity Rules for Smart Devices

The European Union’s executive arm proposed new legislation Thursday that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.

The European Union’s executive arm proposed new legislation Thursday that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.

The EU said a ransomware attack takes place every 11 seconds, and the global annual cost of cybercrime is estimated at 5.5 trillion euros in 2021. In Europe alone, cyberattacks cost between 180 and 290 billion euros each year, according to EU officials.

The European Commission said an increase of cyberattacks was witnessed during the coronavirus pandemic and that Russia’s war in Ukraine has raised concerns that European energy infrastructure could also be targeted amid a global energy crunch.

The law, proposed as the Cyber Resilience Act, aims to remove from the EU market all products with digital elements that are not adequately protected.

The EU’s executive commission said the law would not only reduce attacks but also benefit consumers since it will improve data and privacy protection

“When it comes to cybersecurity, Europe is only as strong as its weakest link, be it a vulnerable member state or an unsafe product along the supply chain,” said Thierry Breton, the EU commissioner for the internal market.

“Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of millions of connected products is a potential entry point for a cyberattack.”

Breton said most hardware and software products are currently not subject to any cybersecurity obligations.

If adopted, the regulation would require manufacturers to take into account cybersecurity in the design and development of their devices. Companies would remain responsible for the security of products throughout their expected lifetime, or a minimum of five years.

Market authorities will have the power to withdraw or recall non-compliant devices and to fine companies that will not abide by the rules.

The Computer and Communications Industry Association (CCIA), which represents computer, communications and internet industry firms, welcomed the commission’s goal of improving cyber resilience but said the draft law would introduce unnecessary.

“These cybersecurity rules should strive to weed out bad products from the EU market, but the current … proposal would lead to innovative products piling up in waiting rooms before they can be used by Europeans,” CCIA Europe Public Policy Director Alexandre Roure said.

“Instead, the new rules should recognize globally accepted standards and facilitate cooperation with trusted trade partners to avoid duplicate requirements.”

RelatedAMTSO Publishes Guidance for Testing IoT Security Products

Written By

Click to comment

Expert Insights

Related Content

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Supply Chain Security

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Supply Chain Security

A source code security audit led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.