Cyber-resilience Act signals big change in commercial software development - The Irish Times

It is 18 months since the devastating cyberattack on the digital infrastructure of our national health service. In the middle of the pandemic in May 2021, the State was held to ransom by a cybercrime group believed to be based, according to intelligence agencies, near St Petersburg in Russia. Within a week, however, the group unexpectedly provided the Irish authorities with a decryption key to re-establish their systems.

The Irish attack was not the only major cyber incident by a Russian-based group that late spring: a few weeks later, a Russian-based ransomware group disabled many computer systems worldwide, via vulnerabilities in widely used technology from Kaseya, an American firm.


Given today’s international relationships, I wonder whether Russian authorities would now assist in resolving any cyberattack originating within their country?


The EU authorities have not been idle. In 2020, the EU Commission awarded a study contract to a consortium of international management consultants on the need for cybersecurity resilience in information and communications technologies (ICT). Although existing EU legislation broadly addresses consumer protection and security, the current regulations do not focus specifically on digital systems. A 375-page report on cybersecurity requirements for ICT products was duly published in December 2021.

In a follow-up last spring, the EU Commission opened a public consultation process inviting comments on the likely impact of EU-wide cyber resilience legislation. A total of 109 submissions were made. They included just one from Ireland – by ESB Networks – which advocated mandatory regulatory intervention.


