An overview of the current regulatory landscape
Looking at the current regulatory landscape regarding cybersecurity in the Internet of Things, we see a global evolution on policies and regulation related to cybersecurity and privacy.
By Jacques Kruse Brandao, Global Head of Advocacy Digital Trust Services, SGS
Looking at the current regulatory landscape regarding cybersecurity in the Internet of Things, we see a global evolution on policies and regulation related to cybersecurity and privacy. Countries or regions like the UK, Japan, and California began to pass laws related to cybersecurity baseline requirements while referring to best practices like Security-by-Design, secure SW Updates or a minimum duration of security patches. Germany is about to propose an IT Security Law 2.0.
In parallel, several other players are in the preparation of complete frameworks like the European Cybersecurity Certification Framework or the Cyber-Physical Security Framework in Japan, besides reviewing activities related the resilience of their essential services and critical infrastructures. In the US, the Cyberspace Solarium Commission published a report that proposes a National Cybersecurity Certification and Labelling Authority.
At the virtual Charter of Trust Geneva Roadshow recently, we had the chance to learn from Swiss Federal Cyber Security Delegate Florian Schütz about Switzerland’s intension of to ensure the integrity of entire supply chains. From Dr. Raphael M. Reischuk, the Vice-President of the Cybersecurity Commission of ICT Switzerland, we learned about a proposal for a Swiss Conformity Assessment Institute. This was aimed at increasing trust in certifications and to ensure conformity, which would be a complementary step to the Charter of Trust’s Principle 2 baseline requirements for the supply chain.
Most of these initiatives on regulation are not yet completed. As the Charter of Trust, we are ready to add value with our industry perspectives on secure supply chains, and to further discuss the importance of harmonized cybersecurity requirements. In order to build trust in a hyper-connected world, we may also need to think about the importance of efficient and independently verifiable Security by Design. This would strengthen the ability of suppliers to continue offering compliant products and services in the future.