Posted on – 7 December 2022

New EU Cybersecurity Act: IoT

The legislation will help to enforce common cybersecurity standards and reassure consumers that the internet-connected “things” they buy are secured.


EU Cybersecurity Act

The drafting of legislation like the European Cyber Resilience Act (CRA), which imposes better cybersecurity requirements on manufacturers of connected devices, products and services, was long overdue. The legislation will help to enforce common cybersecurity standards and reassure consumers that the internet-connected “things” they buy are secured to, at least, the level required in the European market.

“It is crucial for the EU to reap all the benefits of the digital age and to strengthen its industry and innovation capacity, within safe and ethical boundaries.” 

The EU Cybersecurity Act and IoT consumers 

For more than 30 years, the Internet of Things (IoT) has been one of the main drivers of the Digital Transformation. IoT has completely changed industries and has helped businesses find new models to stand out and succeed in today’s markets. Still, with all the benefits that come with having connected products or digitalizing businesses, poorly choosing your company’s IoT partner or products comes with significant risk.  

When everything is connected, a cybersecurity breach can lead to significant economic costs as it can affect entire systems and disrupt activities. In that sense, through its objectives, the proposed CRA legislation aims for consumers to:  

  1. Have access to more secure and less vulnerable hardware and software products.
  2. Have sufficient understanding about security information and properties of the connected products they buy and use.
  3. Know that manufacturers are held accountable for the security of the connected products and software from the design phase and throughout the entire lifecycle.

What to keep an eye on? 

Keeping IoT systems and connected products secure is an ongoing task. In that sense, you need to make sure that your IoT solutions provider prioritizes security, invests in it and works on it regularly and continuously.  

When evaluating which IoT partner to trust with the creation of your company’s IoT solution, make sure to ask questions. For example: 

  • Do they create IoT products that are prepared not only for the security requirements of today but also for tomorrow?  
  • What engineering techniques and good practices are followed?  
  • Do they automate and standardize as many steps as possible to decrease the chances of human error?  
  • Do they secure every component in the system in more than one way?  
  • Do they have cybersecurity knowledge in-house?  

And, in their answers, take notice of the following key words and practices:  

  • Routine risk assessments. 
  • Implementation of several layers for every risk mitigation.  
  • Penetration tests.  
  • Continuous monitoring of the system.  
  • Over-the-air (OTA) updating.
  • Secure Elements and individual encryption per device.
  • Designing systems from the ground-up (no bolt-on engineering).  

“An IoT solution is only secure if each one of its components is.” 

EVALAN’s approach 

At EVALAN we regard security as essential, which is why we put extra development time, extra testing and extra investment into it. Our security by design strategy has a comprehensive approach that requires us to incorporate multiple policies and best practices from initial stages, across the entire system and throughout its lifecycle. 

Furthermore, knowing how challenging it is for clients to deal with diverse vendors with different expertise to get one IoT solution, EVALAN decided to focus on developing solutions that are centered on the most critical link in the IoT chain. This allows us to ensure the highest security for our clients, while providing them with only one vendor to deal with and a single point of ownership when they need support.

Finally, since all our IoT solutions are built with security in mind, our clients will always have the possibility to scale as their company grows, without introducing vulnerabilities to the IoT system.  

Where is the CRA now? 

Currently, the CRA is being reviewed by the European Parliament and the Council for subsequent adoption. Once adopted, all Member States must approve its requirements within two years. In that sense, all manufacturers of products with “digital elements” that are interested in selling their products in the European market must be prepared to comply with the CRA.  
