
ONEKEY GmbH

Importers and distributors are considered manufacturers: EU Cyber Resilience Act raises stakes

OEM products become a cyber risk for chain stores, buying cooperatives and many more

Düsseldorf/Germany, October 24, 2022 – The Cyber Resilience Act aims to close gaps in cybersecurity across the entire supply chain of products and protect consumers and companies from dangerous attacks by hackers. As a result, importers and distributors are also liable now – and in some cases are even considered manufacturers by the EU. "Thus, we have the situation that importers of OEM goods that are labeled only – all the way to Internet providers who make devices available to their customers under their own name – are considered manufacturers and must also fully comply with the regulations for manufacturers," says Jan Wendenburg, CEO of ONEKEY. In consequence, every product with digital elements – i.e. a microprocessor – must be protected during its entire life cycle against vulnerabilities that can be exploited by hackers. Associated with this are reporting and due diligence requirements, as well as the creation of a pedigree of all digital components in the form of a Software Bill of Materials (SBOM). So far, however, importers and large distributors of OEM goods from Asia are hardly equipped to deal with this case, and the necessary resources and competencies must be built up quickly in order to carry out these checks.

EU intervenes in supply chains

"The EU Commission is thus interfering with the established structures of the IT distribution model. Many companies order white-labeled goods from large Asian manufacturers, who rarely meet the new security requirements of the Cyber Resilience Act and have no primary interest in complying with them. The new regulation, which is right for consumers and users in the economy, thus requires a structural rethinking of the previous trading model," Jan Wendenburg of ONEKEY further explains. His company enables software-supported automated analysis of connected smart devices, including all assemblies and components used, to detect previously unknown vulnerabilities. On this basis, ONEKEY can already create a SBOM with the complete DNA of a connected device.

Companies that adapt their processes in due time can optimize time-to-market for new products under the new regulations as well and reduce their liability risk. Automated analysis and test routines are a prerequisite, however, because even when one of the components is updated, the security and integrity of the device must continue to be guaranteed.

Security also for existing devices

"We deserve to feel safe with the products we buy in the single market," stated Executive Vice-President for a Europe Fit for the Digital Age Margrethe Vestager in an EU press release. "It will put the responsibility where it belongs, with those that place the products on the market," Vestager further specified. With the concept of "integrated cybersecurity," the Commission wants to take countermeasures, she said. "This step is right and important. In recent months, not only the frequency but also the impact of attacks has increased. In addition, it is becoming increasingly clear that there are countless systems in use in connected products and corporate environments alone that still contain numerous vulnerabilities and urgently need to be investigated as well," analyzes cybersecurity specialist Wendenburg. Thus, ONEKEY is receiving an increasing number of inquiries from industry and business, and a large number of security vulnerabilities up to possible zero-day exploits could be found and fixed.

Are you wondering if you are prepared for the Cyber Resilience Act? You can book a CRA Readiness Assessment with ONEKEY under the following link: https://onekey.com/cra-readiness-assessment

About ONEKEY:

ONEKEY is a leading European specialist for automatic security & compliance analyses for devices in industry (IIoT), production (OT) and the Internet of Things (IoT). ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations via automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of the devices, completely without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically fixed. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the entire product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Further Information: ONEKEY GmbH,  
Sara Fortmann, E-Mail:  sara.fortmann@onekey.com,
Kaiserswerther Straße 45, 40477 Düsseldorf, Germany,  
Web:  www.onekey.com
 
PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
Phone: +49 611 9731 50, E-Mail:  team@euromarcom.de,
Web:  www.euromarcom.de
