
Time To Act on Cyber Resilience?

2022-10-24

The EU has drafted a new Cyber Resilience Act.  Let’s examine how this drive to improve cyber resilience will affect us all.
 
Earlier this month, the EU announced a proposal for a Cyber Resilience Act to address widespread vulnerabilities in hardware and software products. The proposal calls out the underlying drivers for such an act, which we are all too familiar with.
 

Source: Cyber Resilience Act Factsheet


This is the first ever EU-wide legislation of its kind and, once adopted, will mandate compliance with some aspects within one year.  Economic operators and the Member States will have to adopt the new requirements within two years.
 
In recent years, several directives have been designed to drive better cyber security practices, but none have addressed the whole lifecycle of products with digital elements. The two main stated objectives of this directive are:

 

  1. create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle; and
  2. create conditions allowing users to consider cybersecurity when selecting and using products with digital elements.

 
There are Billions of Connected Devices. Most Aren't Secure
 
For years, connected devices have been deployed with known vulnerabilities, manufactured with weak chipsets, and shipped with no encryption, hardcoded default passwords, and often no ability to update the software.

Deploying devices with known vulnerabilities and no ability to patch future ones has led to some infamous incidents, such as Mirai, which led to colossal DDoS attacks in 2016, and more recently BotenaGo, in which attackers exploited the same vulnerabilities.


This Regulation aims to set the boundary conditions for developing secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle.
 

How can Keysight Help You?
 
Keysight’s IoT Security Assessment Solution allows organizations to quickly identify a broad range of known and unknown attacks in virtually any connected device, validating Wi-Fi, cellular, Ethernet, CAN bus, Bluetooth, and BLE.
 
Our software has already been used to find and publish dozens of CVEs impacting over a billion devices. It also includes a feature to enable quick replay of lethal packet sequences it discovers.
 
Keysight’s patent-pending intelligent fuzzing engine seeks out hidden flaws in communication stacks.
 

IoT Security Assessment GUI


The ongoing research from our Application and Threat Intelligence (ATI) Research Center ensures regular updates, allowing you access to the latest protocol fuzzing and attack techniques.


 
Find it before they do with Keysight’s IoT Security Assessment
 
Learn more about the EU’s Cyber Resilience Act
 
 