…to connect the dots for cyber security.
Johanna Parikka Altenstedt, AFRY
As many conclude, cybersecurity needs to evolve to a cooperative risk management extending from the design stage and the the supply chain through the whole life cycle of the product or the digital component. To achieve this, it is necessary to enable the legal framework and the data feed into on-going risk assessments.
The EU’s new cyber security framework of new directives and laws sets the requirements for the businesses but leaves the question of exactly which requisites must be met to the national supervisory authorities and to the businesses themselves to judge. This means that in order to ensure that the production takes into account all cyber security requirements from the beginning of the product life cycle, so that these are properly incorporated both into the product and into the producer’s ability to meet EU cyber law requirements of support, updates, monitoring, training, exercises and tests, the legal competence in the organization is needed throughout the life cycle.
Among EU acts the two significant acts are the already adopted Cybersecurity Act, where the cybersecurity as a concept is being defined, and the NIS2 directive aiming a higher cybersecurity level around the common market. It should be implemented latest the 17th of October 2024 if the member state did not receive an exemption. The third important one is the Cyber Resilience Act (CRA) has been formally adopted and will introduced into force starting the spring 2025.
Johanna-Parikka-Altenstedt