Strengthen the security level of connected objects and digital products. This is the ambition of “Cyber Resilience Law”. This draft regulation, led by the European Commission and which will be presented to the European Parliament on Thursday, September 15, aims to encourage manufacturers of connected objects to integrate security from the design of their products to limit the possibilities of cyber attacks.
In detail, this bill establishes that manufacturers will have to monitor and correct faults over time and guarantee the cybersecurity of products throughout their life cycle if they want to obtain certification and be sold in the European Union, reports a article published on Monday, September 12. for the site digital century.
Among the obligations formulated to achieve this goal: the prohibition of passwords by default, the obligation to identify relevant security events, the encryption of confidential data or even sobriety in the use of data.
Connected objects, cyberattack vectors
These would be televisions, refrigerators, cameras, connected electrical equipment, computers or autonomous software, as well as components that make up intelligent systems such as chips and routers. In this context, Brussels wishes to establish a list of connected objects according to their level of risk in terms of cyber security. For objects that present the least threat, manufacturers must carry out the necessary tests and controls themselves to demonstrate that their products comply with the imposed requirements.
On the other hand, the European Commission will require a security audit by third parties for products considered high risk. Smartphones, operating systems, issuers of digital certificates, chips, smart meters, firewalls for industrial use, as well as everything used in a critical digital infrastructure, make up this category.
Companies that fail to comply with the regulations will be subject to sanctions: a fine of up to 15 million euros or 2.5% of the worldwide turnover of the previous year until the withdrawal or withdrawal of products from the European market. Connected objects are vectors of cyber attacks and must, by law, be able “guarantee the confidentiality of the data“, in particular through the use of encryption, protecting its integrity and processing only the data strictly necessary for its operation.
Source: BFM TV
