
Implications and Advantages of Incorporating Built-in Security in the Cyber Resistance Legislation

Enhancing Cybersecurity for EU Consumers: The European Union's new Cyber Resilience Act targets the cybersecurity of digital goods, setting forth mandatory safety measures for hardware and software products, addressing loopholes in Europe's existing cybersecurity regulations.

Impact and Advantages of Proactive Cybersecurity Measures under the Cyber Resilience Act

The Center for Data Innovation is hosting a webinar on November 14, 2022, where Kir Nuthi, Senior Policy Analyst, will discuss the Cyber Resilience Act (CRA), the basics of security-by-design, and whether this approach will effectively tackle future cybersecurity risks.

The CRA, recently presented by the European Union, aims to protect Europe's collective security and minimize cybersecurity incidents, particularly for the Internet of Things. The Act seeks to address gaps in Europe's existing cybersecurity regulatory framework and bolster the cybersecurity of digital products used by EU consumers.

The CRA's security-by-design mandate establishes a foundational framework to reduce common vulnerabilities and enforce rigorous security standards from the earliest stages of product development. This lifecycle approach, combined with mandatory vulnerability reporting and mandatory update mechanisms, should significantly improve baseline cybersecurity resilience and reduce attack surfaces in future products.

However, the fast pace of evolving cybersecurity risks means that security-by-design alone cannot address all future threats. Continuous vigilance, real-time threat intelligence sharing, responsive patching, and possibly more adaptive security mechanisms will still be necessary complements to the CRA framework.

Kir Nuthi will be joined by Katerina Demetzou, Policy Counsel for Global Privacy at the Future of Privacy Forum, Anna Bosch, Senior Policy Associate at ACT | The App Association, and Raluca Stefanuc, Policy Officer at DG Connect. The webinar aims to be a forum for discussion and learning about the CRA and related topics.

It's important to note that the webinar is not an advertisement for any specific product or service. Instead, it serves as an opportunity to delve deeper into the arguments for and against the CRA's security-by-design approach and its effectiveness in tackling future cybersecurity risks.

While the CRA is seen as a progressive and essential step toward embedding cybersecurity into the core of digital products, it is not a silver bullet and must be paired with ongoing risk management and adaptive security practices to fully tackle the complexity of future cyber threats. Opponents of the CRA also worry that it could stifle innovation.

The webinar will take place on November 14, 2022, from 3:00 PM to 4:00 PM (CET) / 9:00 AM to 10:00 AM (EST). Those interested in attending can register for the event on the Center for Data Innovation's website.

  1. The Cyber Resilience Act (CRA), proposed by the European Union, intends to leverage AI and cybersecurity technology to address weaknesses in the existing cybersecurity regulatory framework and minimize cybersecurity incidents in the Internet of Things, particularly among EU consumers' digital products.
  2. In discussing the CRA, Kir Nuthi and other panelists will examine whether the Act's security-by-design mandate, intended to reduce common vulnerabilities and enforce rigorous security standards in product development, will effectively counteract future cybersecurity risks.
  3. The panelists will debate the potential impact of the CRA on privacy, innovation, and technology, addressing the concerns that the Act might hinder technological advancements and creativity.
  4. The Center for Data Innovation's webinar aims to contribute to the ongoing discussion about the CRA and its implications for various aspects of data, privacy, technology, and the Internet of Things, while avoiding promoting specific products or services.
