In the past decade, several cyberattacks targeting critical infrastructures came to light. Cybercriminals no longer seek only to steal personal information, such as credit card details from private individuals; they also attempt to hinder or debilitate the operation of online infrastructures, which can cause serious upheaval in real life and is a matter of national security.
Before digging deeper into this phenomenon and discovering how the EU intends to regulate IT security in this regard, let’s start at the beginning, and explore what critical infrastructures really are.
What are critical infrastructures?
Critical infrastructures are the physical and cyber systems and assets of a country or region that are so fundamental to its fluid operation that their incapacity or destruction would have a devastating impact on our physical or economic security or public health or safety.
These systems include, for instance, nuclear facilities, power grids, hospitals, oil and gas facilities, banks, or drinking water supplies.
Even though these cyberattacks are less widespread than other malevolent attacks, security professionals are showing concern about the increasing cyber-risks of these infrastructures due to the widespread utilization of IoT devices.
What are the critical factors that make them susceptible to cybercrime?
How does the EU regulate IT security?
There have been many attempts from the European Union to put in place IT regulations within its borders. To support cyber resilience, the European Commission presented the new Cybersecurity Strategy in 2020 consisting of 4 pillars, which are designed to bolster the EU’s online safety against cybercriminals.
The 4 pillars of the strategy are:
Image source: https://ec.europa.eu/info/strategy/priorities-2019-2024/promoting-our-european-way-life/european-security-union_en
“The strategy covers the security of essential services such as hospitals, energy grids, railways, and the ever-increasing number of connected objects in our homes, offices, and factories. The strategy aims to build collective capabilities to respond to major cyberattacks. It also outlines plans to work with partners around the world to ensure international security and stability in cyberspace. Moreover, it outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to Member States and the EU.” - The Cybersecurity strategy
The German KRITIS to regulate critical infrastructures
Apart from the EU’s comprehensive attempts to tackle cybercrime, certain countries have taken the matter into their own hands. In 2011, Germany created its own Cyber Security Strategy, called KRITIS, to control the security of its own critical infrastructures. Its objective is to thoroughly protect the networked systems without creating obstacles to taking advantage of the opportunities and benefits of cyberspace.
How can CCLab help your organization comply with regulations?
At CCLab, our mission is to make the world a more secure place and to radically decrease the global cost of cybercrime. In the case of critical infrastructure, we help organizations comply with the IEC 62443 international standard, which has become the leading cybersecurity standard for plants, facilities and other infrastructures across industries.
IEC 62443 is a set of security standards that provides a thorough and systematic set of cybersecurity recommendations that can be applied to build cybersecurity that takes into account the infrastructures’ specification, integration, operation, maintenance, and decommissioning. Complying with this standard signifies the robustness, trustworthiness, and coherence of the system and provides an internationally recognized certificate that proves the achieved high level of cybersecurity.
Thanks to our demonstrated experience with critical infrastructure security and certification, our team at CCLab can assist your organization throughout the process, starting from the analysis and conformity assessment until the validation of the certification.