London (Parliament Politic Magazine) – The Network Resilience Coalition was officially announced on Tuesday, July 25th, boasting an impressive lineup of 11 founding members. This esteemed group includes industry giants such as Cisco, Intel, AT&T, Broadcom, and Fortinet. The primary objective of this coalition is to bolster the security of software and hardware updates, while simultaneously enhancing the mitigation of cyber risks within the networks of various tech companies.
Interestingly, this initiative coincides with certain provisions outlined in the Cyber Resilience Act, a draft law proposed by the European Union. This legislation aims to establish stringent security requirements for connected devices. As per the new cybersecurity regulation, manufacturers are obligated to ensure the provision of security patches and effective vulnerability handling throughout the entire lifespan of their products.
The Network Resilience Coalition endeavors to bring together technology providers, security experts, and network operators to address the existing gap by implementing software and hardware updates. As per a statement from Cisco, the coalition aims to openly and collaboratively tackle global cybersecurity challenges. Here is what they have to say:
“We aim to ensure more clarity on the lifetime of the product. That is a really important step,” emphasized Paul Waller, head of capability research at the UK-based National Cyber Security Centre (NCSC).
According to Patrick Wheeler, director of a workforce development program: “There are many entities that wish to have an impact, and these often fall into two categories, Commercial and Not-Commercial.” He continues:
“While the dream of Public-Private Partnership lives on, the reality is often far from this. The list of founding members are big commercial players and mostly US-based, but far from top-tier cybersecurity ‘influencers’.”
End-of-life Cybersecurity Risks
An end-of-life product refers to a product that has reached the end of its lifecycle, leading to the discontinuation of updates, services, and support from the vendor.
The risks associated with EOL hardware and software are significant, as malicious actors can exploit vulnerabilities in these products. Brad Arkin, the leader of Cisco’s Security and Trust Organization, explains that attackers can gain control over the equipment by leveraging shared credentials and default configurations.
It is crucial to understand the implications of using EOL products. Once a product reaches its end-of-life, the vendor no longer provides necessary updates, leaving it vulnerable to potential security breaches. Malicious actors can exploit weaknesses in the equipment, potentially causing significant harm to the organization. One of the primary means through which attackers can execute such attacks is by taking advantage of shared credentials and default configurations.
According to Arkin: “The current system is not working because the information on vulnerability on devices is publicly available.” This public availability makes it exceptionally convenient for attackers to gain control over End-of-Life (EOL) hardware or software.
European Parliament members advocate for a requirement that whenever a manufacturer designates a product’s expected lifespan as less than five years, users should have the ability to obtain the necessary security products to ensure continuous safety. Under such circumstances, the original manufacturers may be compelled to reveal the source code to the security provider.
New Rules Targeting Cybersecurity Risks
Draft European Union rules announced on Thursday mandate the evaluation of cybersecurity risks for a wide range of smart devices connected to the internet, including laptops, fridges, and mobile apps. This initiative comes in response to mounting concerns over the surge in cyber attacks.
Under the proposed law, known as the Cyber Resilience Act, companies failing to adhere to the European Commission’s regulations could face hefty fines of up to 15 million euros ($15 million) or 2.5% of their total global turnover. Manufacturers will be obligated to rectify any identified issues to ensure compliance.
This legislation aims to safeguard the integrity and security of smart devices, recognizing the critical role they play in our daily lives. According to the EU executive, companies have the potential to save a staggering 290 billion euros each year by preventing cyber incidents, compared to the relatively modest compliance costs of approximately 29 billion euros.
In recent years, the occurrence of prominent cases involving hackers causing significant harm to businesses and extorting exorbitant ransoms has amplified concerns regarding vulnerabilities in operating systems, network equipment, and software.