The upcoming EU Cyber Resilience Act (CRA) sets cybersecurity requirements for all device manufacturers and developers, covering areas such as robust organizational security processes, monitoring and patching of vulnerabilities, proper reporting channels for vulnerability discoveries, and the lawful collection, storage, and processing of private user data. IoT devices should have a strong support foundation and centralized update mechanisms. The OS they run is the most critical security factor to consider.
The Ubuntu blueprint offers robust foundations for designing compliant, CRA-ready devices. A compliant device should run an OS that is simple and functional, has a minimal attack surface, and receives security updates. The OS must have a centralized update mechanism, authenticated updates, automatic rollback of failed updates, and self-contained applications.
The design must have ongoing long-term support, even years past the devices' intended life cycle, together with clear and comprehensive documentation of the software and its supply chain. Additionally, device manufacturers should refine their choice of upstream providers to take advantage of software stacks with well-documented, readily available lists of their dependencies, components and other vital information.
The CRA will have considerable impacts on IoT devices. Among other obligations, device manufacturers have to provide a schedule of updates for their devices across the entire life cycle, and meet documentation requirements, vulnerability disclosure demands, and transparency expectations. There are many factors of IoT device design and security to consider when making IoT devices market-ready.
The Ubuntu blueprint is a strong approach to IoT device design and security that incorporates the various requirements of the CRA. In addition, you can evaluate your service and software providers and choose those that make it effortless to meet your CRA obligations. Canonical develops and maintains many tools and products designed with security in mind, supported through security maintenance and vulnerability patching, and aligned with the regulatory oversight in the CRA.
Achieving CRA compliance can seem overwhelming. IoT device manufacturers and developers should adhere to good cybersecurity principles at the design level, have robust organizational security processes, and implement clear processes for monitoring and patching vulnerabilities and for ongoing device support. Compliant manufacturers should design their devices to give users a definite assurance of the devices' safety and reliability, in addition to providing security by default.
IoT devices should run applications that are self-contained and sandboxed, and the OS should use familiar architectures and well-known coding practices. Simplicity is key: the less complexity, the fewer points of vulnerability. IoT devices should have a strong support foundation and centralized update mechanisms, including authenticated updates, automatic rollback, and regular patches.
Ubuntu Pro for Devices ensures IoT devices receive security maintenance for up to 12 years. Canonical develops and maintains a stack of open source tools designed around CRA compliance. If you are unsure about your software supply chain and its ability to meet the CRA's regulatory standards, the simpler route is to adopt a stack of open source tools designed around CRA compliance, such as Yocto or Ubuntu Core for embedded devices.
IoT device manufacturers that want their products to remain viable in EU markets should re-examine the OS and technology stack their devices run on, as well as the cybersecurity approaches and processes they rely on to bring their products to market.