Is your codebase ready for NIS2 and the Cyber Resilience Act?

Mindtrek, 14 slides, Oct 10, 2024

About This Presentation

By: Martin von Willebrand, Attorney at HH Partners Attorneys-at-law, Founder at Double Open

Presentation as part of the track program: The Future of Open Source Business

Mindtrek Conference
OpenTech: From the community for the community.
8th of October, 2024 | Tampere, Finland
www.mindtrek.org 


Slide Content

Is your codebase ready for Cyber
Resilience Act and NIS2?
8.10.2024
Martin von Willebrand
mvonwi@X

In collaboration with
www.hhpartners.fi 2

Presentation
• Tech & IP & Transactions law firm, 16 lawyers
• Mission: to be the best legal help for organizations re digitalization
• Technology: Open Technologies, Data protection, Data, Fintech
• Open Technologies: collaboration structures, open source, open data,
open APIs, open innovation
• MvW
– Head of Tech, Partner, Attorney-at-law at HH Partners
– Chair at DoubleOpen Oy, offering software composition analysis &
management

What is CRA / Cyber Resilience Act?
A first ever EU-wide legislation of its kind: the Cyber Resilience
Act introduces mandatory cybersecurity requirements for
hardware and software products, throughout their whole
lifecycle
Horizontal applicability – EVERYONE: any product with digital elements placed on the EU market,
regardless of sector (with a few exclusions, e.g. products already covered by sector-specific rules such as
medical devices, and open source software not supplied in the course of a commercial activity)

What is NIS2?
The NIS2 Directive (Network and Information Security Directive
2) builds upon the original NIS Directive to strengthen
cybersecurity across the European Union (EU) for critical
infrastructure and essential services.
Applies to public administration and to the sectors of high criticality (Annex I): energy, transport, banking, financial
market infrastructure, health, drinking and waste water, digital infrastructure, ICT service management (B2B), space
And to other critical sectors (Annex II): postal and courier services, waste management, chemicals, food, certain manufacturing,
digital providers, research


Timeline
• NIS2 in force ~now! Transposition deadline 17.10.2024; national rules apply from 18.10.2024.
The Finnish Cyber Security Act is about to be passed; notifications to the
authority by 31.12.2024 at the latest.
• CRA (EU Act) coming into force likely in late 2024, with a
transition period of 3 years, until late 2027. Note that under the adopted text the vulnerability and
incident reporting obligations (Art. 14) apply already 21 months after entry into force, well before the
full 36-month transition ends.


Global view – powered by ChatGPT
• While the CRA is first of its kind, there are many cybersecurity
initiatives, laws and strategies in place and coming:
–United States: Cybersecurity Maturity Model Certification (CMMC), Executive Order on Improving the Nation's Cybersecurity (2021) , Cyber Incident
Reporting for Critical Infrastructure Act (CIRCIA, 2022)
–United Kingdom: Network and Information Systems (NIS) Regulations, UK National Cyber Strategy (2022)
–Japan: Cybersecurity Basic Act (2014, revised 2021), Cybersecurity Strategy (2021)
–Australia: Australia’s Cyber Security Strategy (2020), Security of Critical Infrastructure Act (SOCI) Amendments
–China: Cybersecurity Law (CSL, 2017), Data Security Law (2021)
–Singapore: Cybersecurity Act (2018), Cybersecurity Strategy (2021)
–South Korea: Framework Act on National Informatization and Information Communications Network Protection, Cybersecurity Strategy (2019)
–Canada: National Cyber Security Strategy (2018), Canadian Centre for Cyber Security
–India: National Cyber Security Policy (2013) & Draft Cybersecurity Strategy (2021), CERT-In Regulations
–Israel: Israel National Cybersecurity Authority (INCD), Cybersecurity Strategy (2021)
–New Zealand: Cyber Security Strategy (2019), CERT NZ

Codebase view
• Requirements on codebases coming from cybersecurity laws:
– Secure coding practices (CRA Annex I Part I: products made available without known
exploitable vulnerabilities and with a secure-by-default configuration)
– Vulnerability management (CRA Annex I Part II: identify and document vulnerabilities,
remediate them without delay, coordinated vulnerability disclosure policy; NIS2 Art. 21(2)(e):
vulnerability handling and disclosure)
– Ongoing security maintenance (CRA: security updates throughout the product's support period)
– Supply chain / dependency management, including a software bill of
materials (CRA Annex I Part II(1): SBOM in a commonly used, machine-readable format covering at
least the top-level dependencies; NIS2 Art. 21(2)(d): supply chain security)

Best practices in code management
1. You should be able to make a build in one step
2. Builds should be reproducible
– Lock versions in the dependency tree (a lockfile with exact versions and, where the
ecosystem supports it, content hashes of the artifacts)
3. Dependencies managed with build tools, no vendored dependencies
– Mirror the source code of dependencies, so a removed or changed upstream cannot break
or silently alter the build
4. Easily create SBOMs in a unified, machine-readable format (e.g. CycloneDX or SPDX)
– Important for all analysis
5. Have a unified process across projects
6. Automate everything you can
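The practices above reduce to something a CI job can enforce. As an added example (not from the deck and not DoubleOpen's code), the Python below parses a pip-compile style hashed requirements lockfile, flags dependencies that are not pinned to an exact version or lack a content hash (practice 2), and emits a CycloneDX 1.5 SBOM with package-url identifiers (practice 4). The lockfile text and its sha256 values are constructed placeholders; the CycloneDX field names are the real ones, while the function names and policy messages are my own.

```python
"""Lockfile policy check and minimal CycloneDX SBOM emitter (added example,
not DoubleOpen's code). Assumed input: pip-compile --generate-hashes style
requirements.txt."""
import json
import re
from dataclasses import dataclass, field

# Constructed sample lockfile. The sha256 values are placeholders, not real digests.
SAMPLE_LOCK = """\
# generated by pip-compile (constructed sample)
requests==2.32.3 \\
    --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
urllib3==2.2.2 \\
    --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde1 \\
    --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde2
flask>=3.0
pyyaml==6.0.1
"""

# package name, then an optional version specifier such as ==2.32.3 or >=3.0
_REQ = re.compile(r"^([A-Za-z0-9_.\-]+)\s*((?:[<>=!~]=?)[^\s;]*)?")


@dataclass
class Dependency:
    name: str
    spec: str                                    # raw specifier, "" if none
    hashes: list = field(default_factory=list)   # e.g. ["sha256:..."]

    @property
    def pinned(self) -> bool:    # only "==" yields an exact, reproducible version
        return self.spec.startswith("==")

    @property
    def version(self):
        return self.spec[2:] if self.pinned else None


def parse_lockfile(text: str) -> list:
    """Join backslash-continued lines, then split each logical line into the
    requirement and its --hash options."""
    deps, logical = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        tokens = (logical + line).split()
        logical = ""
        m = _REQ.match(tokens[0])
        if not m:
            continue
        hashes = [t.split("=", 1)[1] for t in tokens[1:] if t.startswith("--hash=")]
        deps.append(Dependency(m.group(1).lower(), m.group(2) or "", hashes))
    return deps


def check_lock_policy(deps) -> list:
    """One message per dependency that breaks reproducibility: no exact pin,
    or an exact pin without a content hash (hypothetical policy wording)."""
    problems = []
    for d in deps:
        if not d.pinned:
            problems.append(f"{d.name}: not pinned (spec '{d.spec or '*'}')")
        elif not d.hashes:
            problems.append(f"{d.name}=={d.version}: no --hash, artifact not verified")
    return problems


def to_cyclonedx(deps, product_name: str, product_version: str) -> dict:
    """Build a CycloneDX 1.5 document as a dict. Refuses unpinned dependencies:
    an SBOM entry without an exact version is useless for vulnerability matching."""
    unpinned = [d.name for d in deps if not d.pinned]
    if unpinned:
        raise ValueError(f"cannot build SBOM, unpinned dependencies: {unpinned}")
    components = []
    for d in deps:
        components.append({
            "type": "library",
            "name": d.name,
            "version": d.version,
            "purl": f"pkg:pypi/{d.name}@{d.version}",   # package-url: what SCA tools match on
            "hashes": [{"alg": "SHA-256", "content": h.split(":", 1)[1]}
                       for h in d.hashes if h.startswith("sha256:")],
        })
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application",
                                   "name": product_name, "version": product_version}},
        "components": components,
    }


if __name__ == "__main__":
    deps = parse_lockfile(SAMPLE_LOCK)
    for p in check_lock_policy(deps):
        print("POLICY:", p)            # a CI gate would exit non-zero here
    pinned = [d for d in deps if d.pinned]
    print(json.dumps(to_cyclonedx(pinned, "example-app", "1.0.0"), indent=2))
```

Run against the sample, the policy check reports flask (range specifier) and pyyaml (pinned but unhashed); the SBOM step deliberately refuses any unpinned entry rather than emitting a component with no version, because a vulnerability matcher cannot do anything useful with it.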

DoubleOpen solves this for you!
• DoubleOpen SCA automates codebase inspection,
dependency analysis, SBOM creation, source code scanning,
vulnerability matching, alerts, rules, reporting
• Applicable to multiple projects, many technologies
doubleopen.org

Let's check your codebase!
• DoubleOpen will help inspect your codebase. What's included:
– Dependency analysis, SBOM generation, source code scanning, vulnerability
scanning, standard rules, standard reports
– Supported tech: Java: Maven, Gradle; JavaScript / Node.js: NPM, PNPM, Yarn;
Python: PIP, Pipenv, Poetry; Ruby: Bundler; Go: GoMod; Rust: Cargo
• MINDTREK SPECIAL OFFER: Up to two organizations and two products, for
free, including six months of subscription, feedback requested.
• Contact Martin!
doubleopen.org

Thank you
HH Partners, Attorneys-at-law Ltd
Visiting address: Bulevardi 7, 5th floor, 00120 Helsinki
Postal address: P.O. Box 232, FI-00101 Helsinki, Finland
Tel. +358 9 177 613, fax +358 9 653 873
[email protected]
www.hhpartners.fi
doubleopen.org