ONEKEY GmbH

EU Cyber Resilience Act becomes a Tour de Force for the Industry

Time-to-market becomes a gamble without automated analysis routines

Düsseldorf/Germany, October 10, 2022 – All products with digital elements, from routers to smart refrigerators and televisions and, above all, modern industrial equipment, should no longer expose their users to cyber risks. This is what the EU Commission is demanding with the Cyber Resilience Act, a draft law on "cyber resilience" which stipulates that products "with digital elements", whether hardware or software, must be protected throughout their entire life cycle against vulnerabilities that attackers can exploit. "This law will be a tour de force for the industry. The regulation is overdue and makes a lot of sense, as especially in recent months more and more such vulnerabilities have been mercilessly exploited on smart devices or used as a gateway into networks. However, the time-to-market for new products and equipment will suffer enormously from the set of rules, and without automated analysis and testing routines, the process is almost impossible to map," says Jan Wendenburg, CEO of ONEKEY. The European IoT security specialist says it is the first to offer software-based, automated analysis of binary firmware that detects previously unknown vulnerabilities, up to and including zero-days.

Software bill of materials (SBOM) solves many problems

Until recently, neither users nor producers or distributors knew which "ingredients" make up products with digital elements and network connections. This is a problem, because the share of third-party code in such products keeps growing and is hard to track. Software has long ceased to be written from a single source; it is assembled from modules, i.e. components, whether open-source or binary-licensed, in order to lower development costs and save time. The challenge is that components can themselves contain further components, and in such deeply nested structures a vendor's own firmware can carry malware, bugs or other vulnerabilities of which the developer is entirely unaware. "Without a robust and reliable code review process, companies cannot be sure of the threats and, according to the Cyber Resilience Act, have one foot in what will in future be punishable territory," Wendenburg continues. ONEKEY is one of the few providers worldwide that can already create the SBOM (Software Bill of Materials) through automated firmware analysis without source code, and can keep it up to date, fully automatically, as updates are released.

Industrial control systems particularly at risk

The draft EU legislation also stipulates that producers must guarantee the security and integrity of components, products and systems for five years or for the expected life span of the product, whichever period is shorter. Here, the ONEKEY security expert sees a need to catch up, especially for industrial control systems: "IoT systems are in use in industry – in factories, in service and manufacturing – much longer, even if the producer discontinues the product after five years. Here, companies must be especially aware that the protection of the EU law ends at some point and personal responsibility begins," warns Jan Wendenburg of ONEKEY. Furthermore, placing products with known vulnerabilities on the market will in future be prohibited. This will put an end to the copy-paste engineering that is common today, which frequently carries undetected or even known bugs into new products. In future, reused components and the finished product must be tested so that old vulnerabilities are not copied into new ones.
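The two problems described above, third-party code nested several levels deep and known-vulnerable components copied unchanged into a successor product, are easy to see once an SBOM exists. The following Python script is an added illustration written for this page; it is not ONEKEY's code or part of any product. It walks a constructed CycloneDX-style SBOM (CycloneDX allows a component to carry its own nested "components" list), checks every component at any depth against a hypothetical advisory list, and reports which findings in a new firmware image were simply inherited from the previous one. All component names, versions, firmware images and advisory identifiers are constructed for the example.

```python
"""Walk a nested SBOM, flag components with known-vulnerable versions and
spot components carried over unchanged from an earlier firmware image.

Everything below is constructed for this example: component names,
versions, the two firmware images and the advisory list are hypothetical
and are not taken from any real product or vulnerability database.
"""
import re
from typing import Iterator

# Constructed CycloneDX-style SBOM fragments. A component may carry its own
# nested "components" list; that is how third-party code bundled inside a
# vendor library shows up, and why looking only at the top level misses
# most of what is actually in the image.
FIRMWARE_V1 = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "vendor-webui", "version": "3.2.0", "components": [
            {"name": "example-http", "version": "2.3.0", "components": [
                {"name": "example-tls", "version": "1.0.8"},
            ]},
            {"name": "example-json", "version": "0.9.0"},
        ]},
        {"name": "example-kernel", "version": "4.19.0"},
    ],
}

# The successor product: web UI and kernel were updated, the JSON parser was
# patched, but the HTTP stack and its bundled TLS library were copied as-is.
FIRMWARE_V2 = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "vendor-webui", "version": "4.0.1", "components": [
            {"name": "example-http", "version": "2.3.0", "components": [
                {"name": "example-tls", "version": "1.0.8"},
            ]},
            {"name": "example-json", "version": "0.9.1"},
        ]},
        {"name": "example-kernel", "version": "5.10.0"},
    ],
}

# Hypothetical advisories: every version strictly below "fixed_in" is affected.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "example-tls", "fixed_in": "1.0.9"},
    {"id": "ADV-EXAMPLE-0002", "component": "example-json", "fixed_in": "0.9.1"},
]


def parse_version(version: str) -> tuple:
    """Turn '1.0.8' or '2.3.0-rc1' into a comparable tuple of integers.
    Non-numeric suffixes are dropped and the tuple is padded to three
    segments so that '1.0' and '1.0.0' compare equal."""
    parts = []
    for seg in version.split("."):
        match = re.match(r"\d+", seg)
        parts.append(int(match.group()) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def walk(components: list, path: tuple = ()) -> Iterator[tuple]:
    """Depth-first traversal yielding (name, version, path) for every
    component, however deeply it is nested."""
    for comp in components:
        here = path + (f"{comp['name']}@{comp['version']}",)
        yield comp["name"], comp["version"], here
        yield from walk(comp.get("components", []), here)


def flatten(sbom: dict) -> list:
    return list(walk(sbom.get("components", [])))


def find_known_vulnerable(sbom: dict, advisories: list) -> list:
    """Match every component, at any nesting depth, against the advisories."""
    findings = []
    for name, version, path in flatten(sbom):
        for adv in advisories:
            if adv["component"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append({
                    "advisory": adv["id"],
                    "component": f"{name}@{version}",
                    "path": "/".join(path),
                })
    return findings


def carried_over(old_sbom: dict, new_sbom: dict) -> list:
    """Components present with an identical version in both images: the
    fingerprint of copy-paste engineering between product generations."""
    old = {(n, v) for n, v, _ in flatten(old_sbom)}
    new = {(n, v) for n, v, _ in flatten(new_sbom)}
    return sorted(old & new)


def inherited_vulnerabilities(old_sbom: dict, new_sbom: dict, advisories: list) -> list:
    """Findings in the new image that were copied straight from the old one."""
    reused = {f"{n}@{v}" for n, v in carried_over(old_sbom, new_sbom)}
    return [f for f in find_known_vulnerable(new_sbom, advisories) if f["component"] in reused]


if __name__ == "__main__":
    print(f"{len(flatten(FIRMWARE_V2))} components in v2, "
          f"{len(FIRMWARE_V2['components'])} visible at top level")
    for f in find_known_vulnerable(FIRMWARE_V2, ADVISORIES):
        print("known-vulnerable:", f["advisory"], f["path"])
    for f in inherited_vulnerabilities(FIRMWARE_V1, FIRMWARE_V2, ADVISORIES):
        print("inherited from v1:", f["component"])
```

The "path" of each finding is the chain of enclosing components, which is what a developer needs in order to find out which vendor library actually pulled the vulnerable code in. A real pipeline would load the SBOM from a file and the advisories from a vulnerability database rather than the constructed dictionaries above, but the traversal and the old-versus-new comparison stay the same.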

Wondering if you are Cyber Resilience Act ready?

ONEKEY's cybersecurity experts are ready to support you.

About ONEKEY:

ONEKEY is a leading European specialist for automated security and compliance analysis of devices in industry (IIoT), production (OT) and the Internet of Things (IoT). ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations via automatically generated "Digital Twins" and a "Software Bill of Materials (SBOM)" of the devices, entirely without source code, device or network access. Exploitable vulnerabilities and security risks are identified quickly and can then be fixed in a targeted way. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors and users of IoT technology to check security and compliance quickly and automatically before use, around the clock and throughout the entire product lifecycle. Leading companies such as SWISSCOM, VERBUND AG and ZYXEL use the platform today; universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Further Information: ONEKEY GmbH,
Sara Fortmann, E-Mail: sara.fortmann@onekey.com,
Kaiserswerther Straße 45, 40477 Düsseldorf, Germany,
Web: www.onekey.com

PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
Phone: +49 611 9731 50, E-Mail: team@euromarcom.de,
Web: www.euromarcom.de
