At the beginning of February, the north of the Netherlands faced a code red warning due to icy weather. Daily life briefly came to a standstill: roads were closed, trains stopped running, and people were even skating in the streets. A code red situation has a major impact on ordinary life, but what happens when a code red situation arises from a cyber threat within your organisation? What if the security of digital products collapses under pressure? Naturally, you want to prevent systems from failing or becoming unavailable at all times. That is precisely why the Cyber Resilience Act (CRA) was introduced.
Why is the CRA relevant for organisations in the north?
The north is home to many organisations that provide infrastructure of critical importance to society. Consider the data centres in the Eemshaven, major central and decentralised government bodies, or the newly developing AI hub in the Niemeyer building. The region’s dependence on digital systems is significant, and so is the importance of digital resilience.
To prevent vulnerabilities from leading to a code red situation, the CRA requires manufacturers, suppliers and distributors of products with digital elements to design these products securely and, perhaps even more importantly, to maintain them properly. This means, among other things, identifying vulnerabilities, ensuring that security updates remain available throughout a product’s lifecycle, and reporting serious security incidents.
The CRA offers perspective
Many organisations in the north rely heavily on external IT suppliers. For them, the CRA is good news. The Act strengthens their position through stricter statutory obligations in the field of cyber resilience. At the same time, the CRA also calls for action from organisations that depend on IT suppliers:
-
Do you know which products with digital elements are used within your organisation?
-
Is it clear how long security updates will be provided?
-
Do your contracts align with the requirements of the CRA?
The code red warning in the north has long since passed. A cyber threat, however, can arise at any time. The CRA firmly embeds digital resilience in law. In a region with extensive critical infrastructure, such as the north, that is of great importance.
We can support your organisation with any questions regarding the CRA. We also offer training programmes, such as the CCCO®, to help you strengthen your organisation’s cyber resilience. You can also read in this blog how to become CRA compliant in 12 steps.
