{"id":2648,"date":"2023-12-25T08:00:00","date_gmt":"2023-12-25T04:00:00","guid":{"rendered":"http:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648"},"modified":"2023-12-20T16:43:20","modified_gmt":"2023-12-20T12:43:20","slug":"extension-of-the-legal-requirements-for-implementing-cyber-security","status":"publish","type":"post","link":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/extension-of-the-legal-requirements-for-implementing-cyber-security\/","title":{"rendered":"Extension of the legal requirements for implementing cyber security"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>Urgent need for action for all stakeholders<\/strong><\/h2>\n\n\n\n<p>The EU Cybersecurity Strategy, published in December 2020, focuses on resilience and attack blocking for major manufacturing companies. The strategy aims to implement security by design in products and systems, addressing the increasing attack area for cyberattacks and the increasing professionalism of attackers. Cyber security focuses on securing a company&#8217;s value creation and individual security objectives, including protecting know-how and complying with legal regulations. Significantly, the EU is now extending legal requirements for cybersecurity to include more companies.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\"><img loading=\"lazy\" decoding=\"async\" width=\"815\" height=\"559\" src=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\" alt=\"cyber security\" class=\"wp-image-2650\" srcset=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png 815w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2-300x206.png 300w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2-768x527.png 768w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2-624x428.png 624w\" sizes=\"auto, (max-width: 815px) 100vw, 815px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Implementation in the automation sector<\/strong><\/h2>\n\n\n\n<p>Based on ISO 27001\/2, the information security management system (ISMS) in IT is being extended to operational technology (OT). Measures in the IACS environment can be applied by incorporating organizational and technical criteria, as part of this expansion. These measures include network configuration, data protection, user authentication, monitoring, device security hardening, and system management. The IEC 62443 series of standards addresses specific measures for the IACS environment, covering components, systems, operators, and service providers. The comprehensive security-by-design approach, known as the &#8220;defense-in-depth&#8221; concept, makes access more difficult for attackers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"709\" src=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures-1024x709.png\" alt=\"Implementation in the automation sector\" class=\"wp-image-2651\" srcset=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures-1024x709.png 1024w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures-300x208.png 300w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures-768x532.png 768w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures-624x432.png 624w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Waldeck_9605_Pictures.png 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Upvaluation of regulations through NIS&nbsp;2<\/strong><\/h2>\n\n\n\n<p>The EU&#8217;s NIS 2 directive, mandating cybersecurity measures for public and private entities, is changing the landscape. Specifically, it applies to companies with over 50 employees and more than 10 million euros in sales, focusing on essential and important facilities. Commencing from January 16, 2023, this directive must be transferred into national law by October 18, 2024. However, implementing security-by-design in products is challenging, and the EU has introduced the Cyber Resilience Act (CRA) to address this issue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Development of security-by-design products in accordance with the Cyber Resilience Act<\/strong><\/h2>\n\n\n\n<p>The Cyber Resilience Act (CRA) mandates manufacturers to create security-by-design products, ensuring they receive a CE mark if they comply with regulations. Minimum security measures must be demonstrated through conformity tests or manufacturers themselves using a harmonized standard. The CRA includes access protection, confidentiality protection, integrity, availability, and a secure delivery state. It also includes vulnerability management and regulations for manufacturers to provide security updates. The draft text of the CRA is in trialogue, expected to become EU law in 2024. To meet vulnerability management requirements, products must have a standardized Software Bill of Material and known vulnerabilities must be available in a standardized digital format.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Consideration of security in the new Machinery Directive<\/strong><\/h2>\n\n\n\n<p>The Machinery Directive 2006\/42\/EC mandates machines to be equipped with functional safety technology, ensuring the protection of people and the environment from injuries or contamination. However, this standard requires updates due to new technologies and product safety regulations. Looking ahead, the Machinery Directive 2023\/1230, set to be published by mid-2023, combines functional safety with cybersecurity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>360-degree security based on IEC&nbsp;62443<\/strong><\/h2>\n\n\n\n<p>Phoenix Contact, a German company, has implemented IEC 62443 since 2017. In this time frame, it has focused on a 360-degree security concept throughout its products and solutions. The company follows a secure development process, ensuring security-by-design and defense-in-depth. Additionally, It actively monitors vulnerabilities and provides regular security updates. Moreover, the company&#8217;s secure products comply with IEC 62443-4-1 and IEC 62443-4-2, including denial-of-service protection, user management, and data confidentiality. Furthermore, the company&#8217;s security services are certified by IEC 62443-2-4. The Phoenix Contact Security Team has developed templates for various solutions and markets, and the Product Security Incidence Response Team (PSIRT) manages security issues. Importantly, all certifications are monitored by T\u00dcV S\u00fcd through annual audits.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-scaled.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"603\" src=\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-1024x603.jpg\" alt=\"360-degree security based on IEC 62443\" class=\"wp-image-2653\" srcset=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-1024x603.jpg 1024w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-300x177.jpg 300w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-768x452.jpg 768w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-1536x904.jpg 1536w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-2048x1205.jpg 2048w, https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/Fig-2e-1-624x367.jpg 624w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Learn more about <a href=\"https:\/\/www.phoenixcontact.com\/en-us\/industries\/industrial-security\" target=\"_blank\" rel=\"noreferrer noopener\">Industrial security<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Urgent need for action for all stakeholders The EU Cybersecurity Strategy, published in December 2020, focuses on resilience and attack blocking for major manufacturing companies. The strategy aims to implement security by design in products and systems, addressing the increasing attack area for cyberattacks and the increasing professionalism of attackers. Cyber security focuses on securing [&hellip;]<\/p>\n","protected":false},"author":357,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2648","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Extension of the legal requirements for implementing cyber security | Middle East<\/title>\n<meta name=\"description\" content=\"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Extension of the legal requirements for implementing cyber security | Middle East\" \/>\n<meta property=\"og:description\" content=\"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648\" \/>\n<meta property=\"og:site_name\" content=\"Middle East\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-25T04:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\" \/>\n<meta name=\"author\" content=\"Rehab Saleh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rehab Saleh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648\",\"url\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648\",\"name\":\"Extension of the legal requirements for implementing cyber security | Middle East\",\"isPartOf\":{\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage\"},\"thumbnailUrl\":\"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\",\"datePublished\":\"2023-12-25T04:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/f082d19c085d32a2ba4d429127104281\"},\"description\":\"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage\",\"url\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\",\"contentUrl\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png\",\"width\":815,\"height\":559},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Extension of the legal requirements for implementing cyber security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#website\",\"url\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/\",\"name\":\"Middle East\",\"description\":\"PHOENIX CONTACT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/f082d19c085d32a2ba4d429127104281\",\"name\":\"Rehab Saleh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/50c529c9e01c93ce87ad2a7073c25b0fe60586e0be6673ecb4fafb48b3acc8ca?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/50c529c9e01c93ce87ad2a7073c25b0fe60586e0be6673ecb4fafb48b3acc8ca?s=96&d=mm&r=g\",\"caption\":\"Rehab Saleh\"},\"url\":\"https:\/\/blog.phoenixcontact.com\/marketing-ae\/author\/vml9bt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Extension of the legal requirements for implementing cyber security | Middle East","description":"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648","og_locale":"en_US","og_type":"article","og_title":"Extension of the legal requirements for implementing cyber security | Middle East","og_description":"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.","og_url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648","og_site_name":"Middle East","article_published_time":"2023-12-25T04:00:00+00:00","og_image":[{"url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png","type":"","width":"","height":""}],"author":"Rehab Saleh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rehab Saleh","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648","url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648","name":"Extension of the legal requirements for implementing cyber security | Middle East","isPartOf":{"@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage"},"image":{"@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage"},"thumbnailUrl":"http:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png","datePublished":"2023-12-25T04:00:00+00:00","author":{"@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/f082d19c085d32a2ba4d429127104281"},"description":"Industrial security enables you to protect your systems and machines against the risks associated with increased networking, such as cyber-attacks and malware.","breadcrumb":{"@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#primaryimage","url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png","contentUrl":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-content\/uploads\/sites\/9\/2023\/12\/3-2.png","width":815,"height":559},{"@type":"BreadcrumbList","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?p=2648#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/"},{"@type":"ListItem","position":2,"name":"Extension of the legal requirements for implementing cyber security"}]},{"@type":"WebSite","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#website","url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/","name":"Middle East","description":"PHOENIX CONTACT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/f082d19c085d32a2ba4d429127104281","name":"Rehab Saleh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/50c529c9e01c93ce87ad2a7073c25b0fe60586e0be6673ecb4fafb48b3acc8ca?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/50c529c9e01c93ce87ad2a7073c25b0fe60586e0be6673ecb4fafb48b3acc8ca?s=96&d=mm&r=g","caption":"Rehab Saleh"},"url":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/author\/vml9bt\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/posts\/2648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/users\/357"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/comments?post=2648"}],"version-history":[{"count":5,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/posts\/2648\/revisions"}],"predecessor-version":[{"id":2661,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/posts\/2648\/revisions\/2661"}],"wp:attachment":[{"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/media?parent=2648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/categories?post=2648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.phoenixcontact.com\/marketing-ae\/wp-json\/wp\/v2\/tags?post=2648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}