How to get ready for the arrival of the Cyber Resilience Act?
With an exponential growth in the number of interconnected devices expected to reach around 75 billion units by 2025, online security is becoming an increasingly pressing concern for players operating in the IoT area. To deal with this phenomenon, on September 15th 2022, the European Commission introduced ground-breaking legislation in Europe, called the “Cyber Resilience Act” (CRA). This regulatory proposal aims to consolidate digital security for items containing digital elements, thus marking a significant step in the ever-changing landscape of cybersecurity.
Zoom-in on the Cyber Resilience Act and what it will change in IoT projects.
What is the Cyber Resilience Act (CRA)?
The Cyber Resilience Act (CRA) provides a common regulatory framework for Member States to fight the increasing number of cyberattacks of which connected devices are the victims, so as to make business players responsible for the cybersecurity of the products they offer on the European market.
Yannick Gaudin
Lead Architect & Technology
Complying with the key points
IoT data security requirements
In the interconnected world of IoT, the collection and processing of personal and sensitive data has become commonplace. However, the Cyber Resilience Act highlights the need to protect this data from unauthorized access.
The consequences of a data breach can be devastating, leading not only to financial damage, but also to a loss of customer trust. To meet these requirements, it is essential to apply robust security measures and ensure appropriate data management.
Cybersecurity standards for IoT devices
The CRA emphasizes the importance of designing secure IoT devices right from their very creation (referred to as “secure-by-design”). The recommended cybersecurity standards are intended to ensure that devices are protected against potential vulnerabilities and flaws.
Integrating security at an early stage in the development process is fundamental to avoiding costly security gaps and ensuring compliance with the requirements of the Cyber Resilience Act. This proactive approach reduces the risks and lays a strong foundation for IoT projects.
Vulnerability and incident management
Continuous vulnerability monitoring and responding rapidly to security incidents are central elements of this regulation. Businesses must be able to quickly identify and correct security flaws to minimize potential damage.
Effective incident response requires well-defined processes and collaboration between technical teams and stakeholders.
Anticipating the implementation of the Cyber Resilience Act
An expert in electronics design specialised in IoT solutions, LACROIX supports its customers at every step of developing their IoT projects.
To be compliant with the Cyber Resilience Act, IoT players are required to meet several criteria, and LACROIX is the partner to ensure that all 5 of these key points are fulfilled:
Secure by design
Technical framework: architecture, cryptography, secure enclave, etc.
Processes: product lifecycle, crisis management, R&D best practices, etc.
Risk & threat analysis model, with cyclical examination
Vulnerability Disclosure Policy (VDP)
CVE tracker in place, with teams organized around it
Communication channel to inform your customers
Mitigation/resolution actions triggered promptly
Large-scale updates at any time
Your product’s firmware
Secrets-rotation ready
Free security patches
All throughout the product’s life cycle (minimum of 5 years)
Anticipate the Cyber Resilience Act with LACROIX
Secure your IoT projects from the design stage to guarantee compliance and peace of mind.