Tech firms form coalition to combat cybersecurity risks ahead of EU rules – EURACTIV.com


While the EU is finalising new cybersecurity legislation to force vendors and service providers to provide security updates throughout a product’s lifetime, leading tech companies are getting a head start.

The Network Resilience Coalition was announced on Tuesday (25 July) with 11 founding members, including Cisco, Intel, AT&T, Broadcom, and Fortinet, to increase the security of software and hardware updates and improve the mitigation of cyber risks in networks of tech companies. 

The initiative overlaps with some of the provisions of the Cyber Resilience Act, an EU draft law to introduce security requirements for connected devices. Under the new cybersecurity regulation, manufacturers must ensure security patches and vulnerability handling throughout the product’s expected lifetime.

“Too often we see organisations fall victim to a cyberattack because an existing critical update or patch wasn’t made,” explained Ari Schwartz, coordinator of the Center for Cybersecurity Policy & Law and a leading voice in cybersecurity policy.

New Coalition

The Network Resilience Coalition aims to unite technology providers, security experts, and network operators to close this gap by ensuring that software and hardware updates are actually implemented.

According to a statement from Cisco, the coalition is meant to address global cybersecurity issues openly and collaboratively.

“We aim to ensure more clarity on the lifetime of the product. That is a really important step,” emphasised Paul Waller, head of capability research at the UK-based National Cyber Security Centre (NCSC).

How to define an expected product lifetime is still open for discussion among EU policymakers, but the general direction is that the manufacturers should establish it on their own and communicate it before purchase.

“There are many entities that wish to have an impact, and these often fall into two categories, Commercial and not-Commercial,” Patrick Wheeler, director of the workforce development program CyberWayFinder, told EURACTIV.

“While the dream of Public-Private Partnership lives on, the reality is often far from this. The list of founding members are big commercial players and mostly US-based, but far from top-tier cybersecurity ‘influencers’,” Wheeler added.

End-of-life cybersecurity risks

An end-of-life product is one that has reached the end of its lifecycle, resulting in discontinued updates, services, and support from the vendor.

The risks of EOL hardware and software include malicious actors taking control of the equipment via its vulnerabilities. The means to execute such an attack include shared credentials and default configurations, explained Brad Arkin, leader of Cisco’s Security and Trust Organisation.

“The current system is not working because the information on vulnerability on devices is publicly available,” added Arkin. This makes it particularly easy for attackers to take control of EOL hardware or software.

Members of the European Parliament want that, whenever a manufacturer sets a product’s expected lifetime at shorter than five years, users must be able to acquire the applicable security products to ensure ongoing safety.

In these cases, the original manufacturers might be forced to disclose the source code to the security provider.

Next Steps

Coordinated by the Center for Cybersecurity Policy & Law, the coalition will, as a first step, draft a strategic paper that will serve as the foundation.

According to Cisco, ongoing coalition meetings are underway and will continue as the body expands.

Both the Committee of Permanent Representatives (COREPER) and the European Parliament’s Industry Committee adopted their positions on the Cyber Resilience Act on 19 July. Trilogues, the discussions between the European Council, Parliament and Commission, are expected to start in September.


[Edited by Luca Bertuzzi/Alice Taylor]
