Part 3 - Enhancing cyber resilience with EU regulations

In part 3 we will explore in more detail how these laws and regulations can improve resilience by limiting the impact of security incidents and enhancing the incident response process.

The escalating convergence and interconnectivity between Information Technology (IT) and Operational Technology (OT) have heightened the susceptibility of OT to IT threats. This is particularly evident in the food and beverage industry, which has been increasingly targeted by severe ransomware attacks, disrupting production and shipping operations. These disruptions extend to customer order fulfillment, leading to significant financial losses and potential reputational damage. The situation underscores the critical need for robust cybersecurity measures in this era of digital transformation. 

Here is how the new European laws and regulations will address those challenges. 

NIS2 – Increase cooperation for better global incident response 

The NIS2 directive provides a framework for cooperation and assistance among national authorities and the EU, as well as between the public and private sectors. By requiring entities to report significant incidents to the relevant authorities and share information with other entities in the same sector or across borders, the directive can help facilitate timely and effective responses and mitigate the potential consequences of incidents on public health, safety and the environment. 

Cyber Resilience Act – Security by Design and Vulnerability Management at Scale 

The Cyber Resilience Act (CRA) aims to enhance the cybersecurity posture of products with digital elements (PDEs) in the European Union. The CRA mandates that manufacturers implement essential cybersecurity requirements during the design and development stages, thereby reducing the likelihood and impact of security incidents. Manufacturers are also required to promptly notify customers about identified vulnerabilities and serious cybersecurity incidents, which helps speed up incident response and mitigation and limits the potential damage.

Machine Directive – Cybersafety Requirements 

As all machines connected to data networks are susceptible to malicious attacks affecting operational safety, the new Machinery Regulation (EU) 2023/1230 introduces safety requirements to protect systems from corruption and malicious attempts by third parties, ensuring that the integrity of the systems is maintained and thereby reducing the risk of hazardous situations arising from such corruption.

Don't miss part 4 where we will explore some best practices and recommendations to comply with those new regulations.