Cyber Security @ EIF 2024

Author photo: Constanze Schmitz and Thomas Menze
ByConstanze Schmitz and Thomas Menze
Industry Trends

ARC’s European Industry Forum is part of our successful series of worldwide conferences in Europe, America and Asia. The next European Forum will be held in Sitges (Barcelona), Spain on May 6-8, 2024 and focus on “Managing Digital Transformation in the Age of AI, Open Architectures, and Sustainability”. Participants are invited to attend exclusive presentations and workshops on strategies and case studies from the digital front lines.

ARC industry analysts and other experts from the end user and supplier communities will analyze and discuss trends and drivers for hot industry topics, such as:

Cyber Security - CRA & NIS2 in Critical Infrastructure

The Cyber Resilience Act (CRA) and the Network and Information Security2 (NIS2) directive are significant legislative measures introduced by the European Union to enhance the cybersecurity of critical infrastructure and other components with digital elements. However, we will focus our discussion on automation systems in the critical infrastructure. All 27 EU Member States will have to incorporate the NIS2 directive new obligations in their national laws this year. The CRA is valid immediately and without national legislation. Here's a summary of their impact and the obligations they impose on critical infrastructure operators and automation system suppliers: 

Impact on Critical Infrastructure in Europe 

The Cyber Resilience Act aims to impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network. 

The NIS2 Directive will ensure a safer and stronger Europe by significantly expanding the sectors and type of critical entities falling under its scope. 

Obligations for Critical Infrastructure Operators 

Under the Cyber Resilience Act, operators need to ensure that digital products in the supply chain are secure. 

The NIS2 Directive imposes stricter cybersecurity risk management requirements that companies are obliged to comply with. 

Critical entities will need to identify the relevant risks that may significantly disrupt the provision of essential services, take appropriate measures to ensure their resilience, and notify disruptive incidents to the competent authorities. 

Obligations for Automation System Suppliers 

The Cyber Resilience Act is aimed at equipment suppliers and imposes a duty of care for the lifecycle of products, this also includes the availability of security updates for a defined period. Suppliers are required to improve the overall cyber resilience of the European industry by imposing strict rules to ensure that their systems are adequately protected against cyberattacks. 

These measures are expected to significantly enhance the cybersecurity landscape in Europe, providing a more robust defense against potential cyber threats. However, it's important to note that the specific obligations may vary, based on the nature of the entity and the sector in which it operates. 

The cybersecurity track begins with a practical introduction to the topic. One focus topic is the timely introduction and transition phase of these new obligations. The expected requirements for operators and suppliers of critical infrastructure automation systems are specifically addressed. After the introduction, these requirements will be further discussed and deepened with experts and users. Participants will have the opportunity to ask questions relating to their company's situation. 

ARC’s European Industry Forum

Join us at ARC’s European Industry Forum to speed up your digitalization and sustainability initiatives with strategies and use cases from which technology end users and suppliers will benefit alike. Discover what your peers and industry leaders are doing today and what steps they are taking to prepare for the future.

For more information about attending, speaking, and sponsoring, please contact Ann-Kathrin Blech (mailto:[email protected]).

Engage with ARC Advisory Group

Representative End User Clients
Representative Automation Clients
Representative Software Clients