by Matias Almeida Garzon
In September 2022, the European Commission published its proposal for the Cyber Resilience Act. The legislation aims to provide a stronger framework for products with digital elements (hardware and software that connect to a network) in terms of prevention, protection and response. Sarah Fluchs, CTO of admeritia GmbH, published an article last year analysing several aspects of the proposed legislation. Below are the central highlights of that article.
The act represents a paradigm shift in the way regulators view #cybersecurity. Replacing the word "security" with "resilience" signals an acceptance that breaches will happen and places weight on building the capability to respond and recover.
Until now, the burden has fallen largely on energy operators, who are responsible for securing and monitoring the assets they deploy. That is a worrying situation, given that some organisations struggle to meet those demands.
The act shifts part of that responsibility to the manufacturer, who must demonstrate conformity with the essential security requirements. In practice, products with digital elements will need CE marking before they can be placed on the EU market.
On the technical side, Fluchs proposes three measures that would ease compliance without harming operational performance:
Adopting a software bill of materials (#SBOM) to give operators a clear picture of the assets and software components they are dealing with.
Developing improved information-sharing mechanisms as part of the defence protocols.
Ensuring suppliers comply with the relevant certification standards.
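To make the first measure concrete: the value of an SBOM for an operator is that, when a vendor advisory names a component, the operator can answer "which of my deployed products contain it?" from data rather than from memory. The following is an added example, not code from the original post or from Fluchs's article. It assumes SBOMs arrive in the CycloneDX JSON format (the act does not mandate a particular format; CycloneDX is one common machine-readable choice), and the two sample documents, product names, component names and versions are constructed for illustration only.

```python
"""Build a component inventory from vendor-supplied CycloneDX SBOMs.

Added example for this post; the SBOM documents, product and component
names below are constructed sample data, not real products.
"""
import json
from collections import defaultdict

# Constructed sample: two simplified CycloneDX 1.4 JSON documents, one per
# product. Field names follow the CycloneDX JSON schema; content is invented.
SAMPLE_SBOMS = [
    json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"name": "rtu-firmware", "version": "3.2.1"}},
        "components": [
            {"type": "library", "name": "openssl", "version": "1.1.1k",
             "purl": "pkg:generic/openssl@1.1.1k"},
            {"type": "library", "name": "libmodbus", "version": "3.1.6"},
        ],
    }),
    json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"name": "gateway", "version": "2.0.0"}},
        "components": [
            {"type": "library", "name": "openssl", "version": "3.0.8"},
            {"type": "library", "name": "zlib", "version": "1.2.13"},
            # Deliberately unversioned: a common real-world SBOM quality problem.
            {"type": "application", "name": "busybox"},
        ],
    }),
]


def parse_sbom(text):
    """Parse one CycloneDX JSON document into (product_label, components).

    Only the fields this example needs are read. A production tool should
    use a full CycloneDX library and validate against the schema.
    """
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document: %r" % doc.get("bomFormat"))
    product = doc.get("metadata", {}).get("component", {})
    label = "%s %s" % (product.get("name", "<unknown>"),
                       product.get("version", "<unversioned>"))
    components = []
    for comp in doc.get("components", []):
        components.append({
            "name": comp.get("name"),
            "version": comp.get("version"),  # may be None; see missing_versions()
            "purl": comp.get("purl"),
        })
    return label, components


def build_inventory(sbom_texts):
    """Map each (component name, version) pair to the set of products shipping it."""
    inventory = defaultdict(set)
    for text in sbom_texts:
        label, components = parse_sbom(text)
        for comp in components:
            inventory[(comp["name"], comp["version"])].add(label)
    return inventory


def products_using(inventory, name, version=None):
    """Products that ship component `name`, optionally only a specific `version`.

    This is the query an operator runs when an advisory names a component.
    """
    hits = set()
    for (comp_name, comp_version), products in inventory.items():
        if comp_name == name and (version is None or comp_version == version):
            hits |= products
    return sorted(hits)


def missing_versions(inventory):
    """Component names recorded without a version; these cannot be matched to advisories."""
    return sorted(name for (name, version) in inventory if version is None)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_SBOMS)
    for (name, version), products in sorted(inv.items(), key=lambda kv: str(kv[0])):
        print("%-10s %-10s %s" % (name, version, ", ".join(sorted(products))))
    print("products with openssl:", products_using(inv, "openssl"))
    print("components without a version:", missing_versions(inv))
```

The `missing_versions` check is the part worth keeping in any real pipeline: an SBOM entry without a version (or a package URL) gives the operator a name but no way to match it to an advisory, so it should be rejected or queried back to the supplier rather than silently accepted.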
Standardisation sits at the core of this initiative, and unsurprisingly the IEC 62443 series is being considered for the list of harmonised standards. Smart Grid Forums recognised the importance of the topic and developed an online training programme designed to give engineers a foundation in the IEC 62443 cybersecurity standard.
➡️Visit our page to learn more and register:
➡️Visit this page to read the full article: