Smart Industry 2021

More documents

Recommendations

Info

<strong>Smart</strong> Business Title Story: The EU Cybersecurity Act 24 We really think this could be an added-value globally – but we need to do it right. Christoph Luykx Policy director at Orgalim A New Approach To improve the internal market for goods and strengthen the conditions for placing a wide range of products on the EU market, the new legislative framework was adopted in 2008. It is a package of measures that aim to improve market surveillance and boost the quality of conformity assessments. It also clarifies the use of CE marking and creates a toolbox of measures for use in product legislation. the European Council. Inaction by Brussels could push individual countries to bring into force national-level legislation, fragmenting the common market. That calculation has resulted in a move to use a delegated act from RED to activate provisions that require manufacturers of wireless devices to fulfil cybersecurity requirements by protecting consumers from fraud and ensuring their privacy. Such a move is acknowledged to have numerous shortcomings. For a start, it will cover only Internet-connected radio equipment and wearable radio equipment (estimated at around 75 percent of the connected-device market) and will not cover connected products that only use wires. In addition to excluding non-radio components (including processors), it won’t cover the life cycle of the product (patches) or require disclosure of vulnerabilities. Despite its shortcomings, the RED delegated act is seen as the fastest way to introduce a cybersecurity law in the short term, rather than having to wait for the development of a new horizonal law. <strong>Industry</strong> groups have identified these ambiguities in what is to be covered but they also worry that the regulations will introduce a mandatory set of standards and requirements, only for these to be superseded by a new law. “We are completely supportive of mandatory baseline requirements under horizontal legislation, or of a certification scheme [like the CSA] which is voluntary and is more of a market-driven mechanism,” said Alberto Di Felice, director for infrastructure, privacy and security at Digital Europe. “What we’re seeing on the other end of the spectrum is the RED delegated act. We are source ©: Euralarm far more skeptical about activating that instrument to target cybersecurity. The potential for overlaps and inconsistencies is huge.” An important question is whether the delegated act will have coherence with the new horizontal law, which the European Commission has indicated is its intention. Da Silva believes that the rules put in place by the RED delegated act will match up new rules at the horizontal level that are coming, though overall the new horizontal law will be much broader in scope. Overall, there is recognition among industry groups of the need for comprehensive regulation governing cybersecurity – and even its inevitability, given that the alternative would be a high degree of fragmentation – but the hope is to avoid contradictory or unworkable rules and develop these within the NLF, where there is input from industry. Orgalim, a federation of European technology industry bodies, has called for horizontal legislation under the NLF. Christoph Luykx, its policy director, says that seeing such a request coming from industry may be surprising to a lot of people. “But it is precisely because we see a risk of fragmentation, the increased cost to produce and manufacture products, the confusion for the manufacturers and consumers, that is why we put forward a proposal for horizontal legislation,” he explains. Coherent cybersecurity rules for the European marketplace can ultimately help companies gain an advantage by allowing them to prove their credentials, both at home and abroad, believes Luykx. “If we get this right, and we are coordinated, and the cost and the bureaucracy of this is manageable, [manufacturers] can take cybersecurity into account from the development of a product to its rollout and during its lifetime. So, we really think this could be an added-value globally – but we need to do it right and there is still a lot of work to do.”
How Much Cybersecurity Is Enough? Standardization Versus Risk Management 66,7% 2020 2018 52,2 % 35,6% 41,0% 26,1% 33,3% 19,1% 23,1% 30,4% 13,9% 5,2% source ©: LEET Security, S.L. Rating organizational levels Demonstrate compliance Internal reporting tool External reporting tool Use of Rating Within Organizations „Insurance policy“ Other There’s no doubt that cybersecurity is a complex topic to legislate. Given how fast-moving security’s components are, legislation is often too slow and cumbersome. Antonio Ramos, CEO of Leet Security, a cybersecurity ratings agency based in Madrid and member of the Stakeholder Cybersecurity Certification Group (SCCG), says that recent trends in legislation around cybersecurity are, in general, positive. “Now cybersecurity is a ‘hot’ topic and politicians are aware of it,” he adds. Nevertheless, he is critical of the overall focus on certification and minimum requirements and would like to see more emphasis on risk management approaches. “We keep thinking about cybersecurity as something that can be standardized, which, by definition, is impossible. Cybersecurity is a risk management issue which depends source ©: 20 Minutos Editora, S.L. on risk appetite, risk exposure, and many other things that make it impossible to define which is the right level of cybersecurity for every single case. Certification is perfect for establishing a minimum level of requirements to start doing business in a field, but then we should open Trusted Tool Rating is an important tool for managing cybersecurity in the value chain. Third-party certification is the most frequently used mechanism for 63.4 percent of respondents. Define how to measure cybersecurity and then establish how much you need. Antonio Ramos CEO of Leet Security the hand to offer other kinds of mechanisms that have proven useful in other markets, such as rating, labeling, self-assessment, or auditing,” he says. Rather than defining a list of security controls for every situation, an alternative approach is to define how to measure cybersecurity and then establish how much is needed in each case, suggests Ramos. “This approach is much more efficient and improves the efficiency of certification. In fact, this approach is the one that the Spanish Center for Protection of Critical Infrastructures (CNPIC) is using for the definition of the cybersecurity certification framework for critical operators. A scheme with different levels against which operators can set certifications and then the Center decides which level is right depending on the criticality of the infrastructure,” he explains. 25
Page 1 and 2: smart powered by industry The IoT B
Page 3 and 4: Editorial europe LEads the way Tim
Page 5 and 6: 16 Making the World a Safer Place P
Page 7 and 8: It was the early 1920s. With World
Page 9 and 10: corner the market on connectors, Av
Page 11 and 12: A Little Help from Our Friends Avne
Page 13 and 14: point of transformation for our ind
Page 15 and 16: Ivan Ndip at Fraunhofer Institute F
Page 17 and 18: 17
Page 19 and 20: Cybersecurity Labeling in Finland A
Page 21 and 22: source ©: Facebook essary because
Page 23: asic service law for online platfor
Page 27 and 28: Thrives in Tough Environments High
Page 29 and 30: ment (ROI) for factories. Deploying
Page 31 and 32: source ©: Mercedes-Benz 5G links p
Page 33 and 34: first time when in the hands of cus
Page 35 and 36: In manufacturing, predictive analyt
Page 37 and 38: formation at Rockwell Automation. D
Page 39 and 40: Industrial Solutions Across Edge an
Page 41 and 42: The more you have, the more you get
Page 43 and 44: How to Know Who’s Who source ©:
Page 45 and 46: fective manner. These tools address
Page 47 and 48: source ©: IPKeys Power Partners se
Page 49 and 50: More than a century ago, British wr
Page 51 and 52: source ©: GreenStream Technologies
Page 53 and 54: IoT on the High Seas A Sea of Data
Page 55 and 56: opportunities to drive greater effi
Page 57 and 58: expect companies to do the same. At
Page 59 and 60: Everything under Control IoT-based
Page 61 and 62: Visit us now at www.msembedded.biz
Page 63 and 64: source ©: Global Market Insights I
Page 65 and 66: some time in acquiring and analyzin
Page 67 and 68: source ©: DigiCatch Lighting the D
Page 69 and 70: on any coax sonar cable system and
Page 71 and 72: source ©: Brain Corp source ©: Br
Page 73 and 74: The Konvoy system runs on the Sigfo
Page 75 and 76:
IoT in stolen vehicle recovery It
Page 77 and 78:
enough to be concealed inside a veh
Page 79 and 80:
Among all third-parties, 22 were re
Page 82 and 83:
Column Martin Milter IoT Provisioni
Page 84 and 85:
Smart Solutions Smart Sensors Smart
Page 86 and 87:
Smart Solutions Smart Sensors Bosch
Page 88 and 89:
Smart Solutions Smart Companies Sma
Page 90 and 91:
Smart Solutions Smart Companies sou
Page 92 and 93:
Smart Solutions Smart Products Smar
Page 94 and 95:
Smart Solutions Smart Products Sony
Page 96 and 97:
Smart Solutions Smart Products Garm
Page 98 and 99:
Column Gerd Leonhard Science Fictio
Page 100:
Leading-edge Solutions for Fast Cha
show all

Smart Industry 2021

Create successful ePaper yourself

Delete template?

Save as template?