SlideShare a Scribd company logo

EU Cyber Resilience Act (CRA) - new insights 14.11.2023EU Cyber Resilience Act (CRA) - new insights 14.11.2023.pdf

Terry London
Terry London

New insights about upcoming EU CRA (14.11.2023). The European Cyber Resilience Act is meant to unify cybersecurity rules for hardware and software products across the European Union. The problem it addresses is the fact that the number of connected devices is constantly growing, and, at the same time, attacks against those connected devices are growing as well – almost exponentially. https://proekspert.com/blog/connected-products/insights-for-the-upcoming-eu-cyber-resilience-act/

Devices & Hardware
1 of 12
Download to read offline
Custom software for smart device manufactures
property of Proekspert AS EU Cyber Resilience Act - new insights • EU CRA challenges for device manufacturers • Solutions for device security Terry London Device security specialist
property of Proekspert AS What is an EU CRA? European Cyber Resilience Act unifies EU cybersecurity rules for more secure hardware and software products. https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
property of Proekspert AS Currently among device manufacturers 7/10 are aware of EU CRA 3/10 develop next generation hardware security compatibility 1/10 develop software infrastructureto apply higher security
property of Proekspert AS Latest update • Interview with Cyber and Digital Affairs Councilor at European Commission
property of Proekspert AS New insights about EU CRA • Released spring 2024 + 36 month transition time • Vulnerabilityreporting • Applies for new productsreleased after transition time • Out of focus: SaaS; Open-sourcesoftware; automotive& medical devices • Different product criticalitylevels
property of Proekspert AS 1. Common product • Smart home devices • Toys 2. Critical product • Microcontrollers & processors • General purpose operating systems • Anti-virus software • Firewalls • VPN servers & clients • Public key infrastructures 3. Highly critical product • Smart cards • Hardware devices with security boxes • Smart meter gateways Criticality levels of products Requires self-assessment Requires 3rd party validation Requires certification
property of Proekspert AS Requirements for Device manufacturers Compile Software Bills of Materials (SBOM) • Define software suppliers • Define who is responsible of software modules & stages Get products certified • Self assessment • 3rd party validation • Certification Report product vulnerabilities • Yet to be defined Ensure security updates • Define intended purpose and requirements of the product • Provide security updates over product lifetime
property of Proekspert AS Our suggestions today For SBOM • Keep track which 3rd party librariesyour device software uses • Use modern software development principles and tools such as: version control systems, code review& testingtools For certification audits • Map and document your product functionalities and requirements Additional recommendations • Keep an eye out for EU product compliance-testing programmes for SMEs • Plan ahead how to prepare for EU CRA For security updates • Perform device security assessment and decide required protection measures • Decide the delivery process of the security updates (OTA, locally)
property of Proekspert AS Consulting • We are up to date with EU CRA • We have been building secure software solutions for 30 years Secure FW update Solution for device security on embedded level Remotedevice connectivity Solution for managing remote devices over the internet Device identity management Solution for managing devices with unique identities + PKI integration How can Proekspert help? Solutions
property of Proekspert AS Take a soda & let’s talk! Terry London CRA & secure firmware update Jukka Antero Halttunen Embedded software development Tiina Kalju Device remote control & cloud integration
property of Proekspert AS We develop secure custom software solutions • Industrial embedded software • Device management over Internet • Applications and service tools proekspert.com

Recommended

Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfICS
 
Overcome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyOvercome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyICS
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsBitbar
 
Applied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd.
 
Applied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd.
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignSynopsys Software Integrity Group
 
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint Manager
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint ManagerPresentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint Manager
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint ManagerEnrique Gustavo Dutra
 

Recommended

Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfICS
 
Overcome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyOvercome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyICS
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsBitbar
 
Applied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd.
 
Applied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd. Industrial Software
Applied Systems Ltd. Industrial SoftwareApplied Systems Ltd.
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignSynopsys Software Integrity Group
 
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint Manager
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint ManagerPresentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint Manager
Presentacion IBM AKTIO Punto Net Soluciones SRL - Endpoint ManagerEnrique Gustavo Dutra
 
E-Commerce Technology
E-Commerce TechnologyE-Commerce Technology
E-Commerce TechnologyDivante
 
e-Commerce Technology
e-Commerce Technologye-Commerce Technology
e-Commerce TechnologyDivante
 
Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
 
ETS Services Outline
ETS Services OutlineETS Services Outline
ETS Services OutlineTony DeGonia (LION)
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
Reliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsReliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsFortifier. IT Company
 
Cruatech Services Intro
Cruatech Services IntroCruatech Services Intro
Cruatech Services IntroCruatech
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security Industrial Internet Consortium
 
Applied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems Ltd.
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentIntland Software GmbH
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingBlack Duck by Synopsys
 
Secure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure SphereSecure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure SphereMicrosoft Tech Community
 
Week1.pptx
Week1.pptxWeek1.pptx
Week1.pptxMarriamNawaz
 
Gaurav_Resume
Gaurav_ResumeGaurav_Resume
Gaurav_ResumeGaurav Kumar
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxJavier Tallón
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析Onward Security
 
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTUtilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTPôle Systematic Paris-Region
 
M2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and AgricultureM2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and AgricultureEurotech
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaDubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaUnited Arab Emirates
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一ss ss
 

More Related Content

Similar to EU Cyber Resilience Act (CRA) - new insights 14.11.2023EU Cyber Resilience Act (CRA) - new insights 14.11.2023.pdf

E-Commerce Technology
E-Commerce TechnologyE-Commerce Technology
E-Commerce TechnologyDivante
 
e-Commerce Technology
e-Commerce Technologye-Commerce Technology
e-Commerce TechnologyDivante
 
Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
Reliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsReliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsFortifier. IT Company
 
Cruatech Services Intro
Cruatech Services IntroCruatech Services Intro
Cruatech Services IntroCruatech
 
Applied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems Ltd.
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentIntland Software GmbH
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingBlack Duck by Synopsys
 
Secure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure SphereSecure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure SphereMicrosoft Tech Community
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxJavier Tallón
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析Onward Security
 
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTUtilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTPôle Systematic Paris-Region
 
M2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and AgricultureM2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and AgricultureEurotech
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 

Similar to EU Cyber Resilience Act (CRA) - new insights 14.11.2023EU Cyber Resilience Act (CRA) - new insights 14.11.2023.pdf (20)

E-Commerce Technology
E-Commerce TechnologyE-Commerce Technology
E-Commerce Technology
 
e-Commerce Technology
e-Commerce Technologye-Commerce Technology
e-Commerce Technology
 
Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)
 
ETS Services Outline
ETS Services OutlineETS Services Outline
ETS Services Outline
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
 
Reliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUpsReliable Engineering for InsurTech StartUps
Reliable Engineering for InsurTech StartUps
 
Cruatech Services Intro
Cruatech Services IntroCruatech Services Intro
Cruatech Services Intro
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
Applied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptxApplied Systems '22: services & solutions.pptx
Applied Systems '22: services & solutions.pptx
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Secure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure SphereSecure and power the intelligent edge with Azure Sphere
Secure and power the intelligent edge with Azure Sphere
 
Week1.pptx
Week1.pptxWeek1.pptx
Week1.pptx
 
Gaurav_Resume
Gaurav_ResumeGaurav_Resume
Gaurav_Resume
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptx
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析
 
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTUtilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
 
M2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and AgricultureM2M in Transportation, Mining and Agriculture
M2M in Transportation, Mining and Agriculture
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 

Recently uploaded

Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaDubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaUnited Arab Emirates
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一ss ss
 
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一ga6c6bdl
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...Call Girls in Nagpur High Profile
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查awo24iot
 
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...Pooja Nehwal
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsPooja Nehwal
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一zul5vf0pq
 
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Pooja Nehwal
 
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Vip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts ServiceVip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts Serviceankitnayak356677
 
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...Suhani Kapoor
 
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePooja Nehwal
 
定制(USF学位证)旧金山大学毕业证成绩单原版一比一
定制(USF学位证)旧金山大学毕业证成绩单原版一比一定制(USF学位证)旧金山大学毕业证成绩单原版一比一
定制(USF学位证)旧金山大学毕业证成绩单原版一比一ss ss
 
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一ga6c6bdl
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样qaffana
 
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhi
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | DelhiFULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhi
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhisoniya singh
 
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfPresentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfchapmanellie27
 
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurVIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurSuhani Kapoor
 

Recently uploaded (20)

Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaDubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
 
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
 
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call Girls
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
 
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
 
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Vip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts ServiceVip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts Service
 
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
 
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
 
定制(USF学位证)旧金山大学毕业证成绩单原版一比一
定制(USF学位证)旧金山大学毕业证成绩单原版一比一定制(USF学位证)旧金山大学毕业证成绩单原版一比一
定制(USF学位证)旧金山大学毕业证成绩单原版一比一
 
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
 
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhi
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | DelhiFULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhi
FULL ENJOY - 8264348440 Call Girls in Hauz Khas | Delhi
 
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfPresentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
 
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurVIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
 

EU Cyber Resilience Act (CRA) - new insights 14.11.2023EU Cyber Resilience Act (CRA) - new insights 14.11.2023.pdf

  • 1. Custom software for smart device manufactures
  • 2. property of Proekspert AS EU Cyber Resilience Act - new insights • EU CRA challenges for device manufacturers • Solutions for device security Terry London Device security specialist
  • 3. property of Proekspert AS What is an EU CRA? European Cyber Resilience Act unifies EU cybersecurity rules for more secure hardware and software products. https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
  • 4. property of Proekspert AS Currently among device manufacturers 7/10 are aware of EU CRA 3/10 develop next generation hardware security compatibility 1/10 develop software infrastructureto apply higher security
  • 5. property of Proekspert AS Latest update • Interview with Cyber and Digital Affairs Councilor at European Commission
  • 6. property of Proekspert AS New insights about EU CRA • Released spring 2024 + 36 month transition time • Vulnerabilityreporting • Applies for new productsreleased after transition time • Out of focus: SaaS; Open-sourcesoftware; automotive& medical devices • Different product criticalitylevels
  • 7. property of Proekspert AS 1. Common product • Smart home devices • Toys 2. Critical product • Microcontrollers & processors • General purpose operating systems • Anti-virus software • Firewalls • VPN servers & clients • Public key infrastructures 3. Highly critical product • Smart cards • Hardware devices with security boxes • Smart meter gateways Criticality levels of products Requires self-assessment Requires 3rd party validation Requires certification
  • 8. property of Proekspert AS Requirements for Device manufacturers Compile Software Bills of Materials (SBOM) • Define software suppliers • Define who is responsible of software modules & stages Get products certified • Self assessment • 3rd party validation • Certification Report product vulnerabilities • Yet to be defined Ensure security updates • Define intended purpose and requirements of the product • Provide security updates over product lifetime
  • 9. property of Proekspert AS Our suggestions today For SBOM • Keep track which 3rd party librariesyour device software uses • Use modern software development principles and tools such as: version control systems, code review& testingtools For certification audits • Map and document your product functionalities and requirements Additional recommendations • Keep an eye out for EU product compliance-testing programmes for SMEs • Plan ahead how to prepare for EU CRA For security updates • Perform device security assessment and decide required protection measures • Decide the delivery process of the security updates (OTA, locally)
  • 10. property of Proekspert AS Consulting • We are up to date with EU CRA • We have been building secure software solutions for 30 years Secure FW update Solution for device security on embedded level Remotedevice connectivity Solution for managing remote devices over the internet Device identity management Solution for managing devices with unique identities + PKI integration How can Proekspert help? Solutions
  • 11. property of Proekspert AS Take a soda & let’s talk! Terry London CRA & secure firmware update Jukka Antero Halttunen Embedded software development Tiina Kalju Device remote control & cloud integration
  • 12. property of Proekspert AS We develop secure custom software solutions • Industrial embedded software • Device management over Internet • Applications and service tools proekspert.com