Spain, in line with the new Cyber Resilience Law of the European Union, has established that all connected devices, including routers, switches, and home automation systems, must certify their cybersecurity in order to be commercialized in the country. This measure aims to protect consumers and businesses from the inherent security risks of these devices.
The Cyber Resilience Law, recently approved by the Parliament and the European Council, requires that all connected devices sold in Spain and Europe comply with strict cybersecurity standards. Manufacturers of these devices will have a period of 3 years to adapt to the new regulations and must pass cybersecurity tests before their commercialization.
Key Details
Mandatory Certification: Devices such as routers, switches, and home automation systems must pass cybersecurity tests before their sale.
Security Maintenance: Manufacturers are obligated to release security updates during the product’s lifespan and report new vulnerabilities within the first 24 hours of their discovery.
Prevention of Cyber Attacks: The measure seeks to prevent insecure devices from being exploited for denial-of-service attacks and cryptocurrency mining, among other abuses.
Specific Requirements
Secure Default Configuration: Devices must include an initial secure configuration that the user can easily restore.
Encryption of Personal Data: Devices handling personal data must encrypt this information.
Fault Tolerance and Reduced Dependency: It is important for devices to be resistant to attacks and minimize their dependency on external services.
Automatic Updates: Devices must include mechanisms to automatically update the software and notify the user when updates are available.
Impact on the Industry
Increased Security for Consumers: Users will have greater confidence in the security of the products they purchase.
Challenges for Manufacturers: Companies will have to invest in the development and maintenance of higher security standards.
Government Surveillance: The Spanish government will have access to information about vulnerabilities before they are patched.
Controversies and Concerns
Despite the benefits in terms of security, there are concerns about how governments could use information about unpatched vulnerabilities. Organizations such as ESET and Google have expressed concern about the possibility of these vulnerabilities being exploited for espionage purposes.
The Cyber Resilience Law is a significant step towards a safer digital environment in Spain and Europe. However, its implementation will require a careful balance between consumer protection and privacy, as well as ongoing commitment from manufacturers to keep their products secure.
via: Comisión Europea and bandaAncha.