The global and independent platform for the SAP community.
Community News, Mag 23-03

Cyber Resilience Act

The EU Commission's Cyber Resilience Act (CRA) aims to close the digital patchwork around network-connected devices and equipment, from printers to routers to industrial control systems.
E-3 Magazine
31 March 2023
Content:
avatar
This text has been automatically translated from German to English.

EU cyber resilience regulation could mean millions in fines

Industrial networks and critical infrastructures require special protection. According to the European Union, there is currently a ransomware attack every eleven seconds. To hold manufacturers, distributors and importers accountable, they face stiff penalties if security vulnerabilities in devices are discovered and not properly reported and closed. "The pressure on the industry - manufacturers, distributors and importers - is growing immensely. The EU will implement this regulation without compromise, even if there are still some steps to be taken, for example with the local state authorities," says Jan Wendenburg, CEO of Onekey. The penalties for affected manufacturers are high: up to 15 million euros or 2.5 percent of global annual sales in the past fiscal year - the larger number counts.

"This makes it unmistakably clear that manufacturers face severe penalties if they fail to implement the requirements," said Wendenburg. The European Commission's proposal provides for the requirements to apply as early as 24 months after the regulation comes into force. Individual elements, such as the obligation to report safety incidents, are to apply after just 12 months. "The time horizon is tight, considering that orders for IT products are already being placed with OEM manufacturers this year for the coming 12 to 18 months. Therefore, the time situation must be considered and resolved now, before a product ends up not being launched on the market due to defects or the market launch is delayed," explains Jan Wendenburg.

The company Onekey operates a firmware analysis platform for finding security vulnerabilities in smart and connected devices, from vacuum cleaner robots to industrial control systems worth millions. With a Cyber Resilience Readiness Assessment, they offer the possibility for manufacturers, distributors and importers to already check their products for essential requirements of the Cyber Resilience Act and furthermore to investigate security gaps and also to fill the SBOM (Software Bill of Materials) required by the EU Commission with content.

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


All articles of the author

Write a comment

Quick Transformation From a Single Source

We Have a Security Problem

SAP Trends 2024—Cloud or On-prem?

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.