NIS2 & CRA: Europe's Response to Cyber Shenanigans - Tudor Damian - NDC Security 2024

  • Published: 28 Mar 2024
  • This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper
    In an era where cyber threats are getting increasingly sophisticated, Europe has stepped up its game with two pivotal regulations: the NIS2 Directive and the Cyber Resilience Act (CRA). These measures are redefining the cybersecurity landscape, offering comprehensive strategies to combat digital dangers.
    In this session, we'll delve into the depths of both the NIS2 Directive and the CRA, unraveling their complexities and implications, looking at how they're changing the game, and what it means for businesses, individuals, and yes, even the humble smart devices in our homes. Walk away with insights that'll make you the star of your next virtual hangout, and have your smart toaster nodding in approval (well, metaphorically).

Comments • 5

  • @deefdragon 3 months ago

    I am very happy to see the EU step up here. There are SOOOOO many companies that are just "Why do I need to care" with regards to security. Just blowing off everything about it, putting their consumers at risk if not just random citizens on the street. Yeah, it's gonna be a bit of work on the companies to implement, but reasonable safety should be an expectation regardless of the source of the potential danger. Having such a connected age means that there are many dangers there, and so there needs to be an expectation of safety as well.

  • @cowabunga2597 3 months ago

    Why thumbnail portrait like serial killer

  • @petergerdes1094 3 months ago +1

    This is a disaster waiting to happen (on top of the OSS concerns).
    What is it about the EU that makes them so bad at considering unintended consequences?
    Hmm, if we impose onerous regulatory requirements to anyone who supplies software to a key supply chain entity will that increase the range of tools and software they have to use or allow a few big companies that are better at managing legal liability than writing software dominate?
    And what happens if we make it the case that every time a vendor discovers a major security vulnerability they face more onerous mandatory reporting and potential PR/business consequences? Do we think that will encourage businesses to look harder for security problems before bad things happen or make sure they trigger the requirement as rarely as possible?
    Someone's going to say that those cases won't be covered but we still can't figure out what GDPR covers.
    And this is going to be another shitstorm like cookie clickwrap where companies all implement totally useless 2fa that technically satisfies.
    Security is very important but it can't be done via top down rules like this. A combination of liability when shit goes wrong plus funding public education and