Witekio | Navigating the EU Cyber Resilience Act: Avoid Penalties and Enhance Security

03 Jul 2024 - 03 Jul 2024

Online Webinar, EMEA

Live Presentation Date: July 03, 2024 I 15:00 CEST 

In an era where digital threats are escalating, the EU Cyber Resilience Act (CRA) is set to redefine the landscape of cybersecurity compliance. With significant fines and penalties for non-compliance, ensuring robust cyber resilience has never been more critical.

Join Witekio and EBV Elektronik for an in-depth webinar where we unravel the intricacies of the EU Cyber Resilience Act (CRA) and provide practical insights on how to navigate this regulatory landscape from a hardware and software standpoint.

Whether you're an Original Equipment Manufacturer (OEM), an engineer, or a product manager, this session is tailored to equip you with the knowledge you need to stay ahead in the ever-evolving cybersecurity domain.
 

You'll learn:
 

• How EBV can help keep you compliant
• The real cost of cyber attacks
• Cyber Security Act vs. Cyber Resilience Act
• Overview of existing EU cybersecurity regulations: RED, NIS2, CSA
• Targeted products and timeline for CRA deployment
• Summary of the CRA requirements for OEMs
• Security Risk Assessment / Vulnerabilities Management
• Communication with other entities
• Security by design: how to do and use a security risk assessment?
• Devising a solution: security objectives (for the product and for its environment)
• Monitoring and patching vulnerabilities: tools and practices
• Challenges for producing a proper Software Bill of Materials

Agenda: (45 minutes + 15 minutes Q&A)
 

• Introduction of CRA regulation
   
• EBV’s Hardware features to meet CRA requirements and supplier solution overview
  • STMicroelectronics 
  • Infineon
  • NXP
  • Microchip
  • Espressif
     
• Navigating the EU Cyber Resilience Act: Main CRA pain points and implications for device software
  • Motivations and Objectives for the EU Cyber Resilience Act
  • Rising threats landscape
  • Operational threats
  • Devices as attack vectors for systems
  • The real cost of cyber attacks
  • Cyber Security Act vs. Cyber Resilience Act
  • Overview of existing EU cybersecurity regulations: RED, NIS2, CSA
  • EU takes a more compelling position
  • Fines and penalties
  • Targeted products and timeline for CRA deployment
  • Unclassified vs. Important vs. Critical products
  • Self-assessment vs. 3rd party assessment
  • Summary of the CRA requirements for OEMs
  • Security Risk Assessment
  • Vulnerabilities Management
  • Communication with other entities
  • Challenges and solutions
  • Security by design: how to do and use a security risk assessment?
  • Laying out the problem: attack surface, threats, attack paths
  • Devising a solution: security objectives (for the product and for its environment)
  • Injecting the security objectives in a development process
  • Monitoring and patching vulnerabilities: tools and practices
  • Challenges for producing a proper Software Bill of Materials
  • How to get CVEs from a SBOM?
  • How to efficiently process CVEs?
  • Dealing with composition: who is responsible for what?
     
• Q&A

 

Speakers:

Julien Bernet, Head of Security Witekio

Julien is the Head of Security for Witekio and has over 15 years of experience in the cybersecurity field.
After completing his PhD in computer science, he worked for various software security labs with a focus on embedded devices and smart cards. Thanks to his work as a security consultant and Pentester he has firsthand experience of security evaluations across a range of industries and technologies.
In his role as the Head of Security for Witekio, Julien is in charge of the development and evaluation of the company’s internal security framework and defining the security architecture for customer developments.

 

Daniel Bartz, FAE Security & Identification EBV Elektronik

Daniel joined EBV as FAE for embedded security and NFC/RFID, over 8 years ago.
In this role he supports customers throughout EMEA. Before he worked in smartcard R&D and held positions in automotive and industrial development.

Register Now