Maritime Cyber Security Centre Research Seminar

Introductory remarks by the speaker
Digitalization creates new threats, and the EU is reacting to these with a "tsunami" of regulation: at least a dozen new directives and acts are setting requirements for cyber and information security. Meanwhile, the reality is that management and programming practices are not meeting these requirements, as shown by a survey on software security in Finland 2023.
This presentation discusses the implications of EU regulation, especially NIS2 and the CRA, for the digital landscape. The supply chain requirements in NIS2 expand its effects over a large number of actors, and we are now seeing management interest in security. The CRA will require most vendors and manufacturers of software, including embedded software, to maintain security, and more critical components require a CE self-certification, similar to electrical appliances.
Meeting the new regulations will require companies to change their practices and rise to new levels of threat and risk analysis, documentation, component management, update capabilities and so on. These changes will impact all industries, as there are very few areas without digital components. The speaker is not an expert on maritime issues, but will try to raise some discussion points specific to that area.
Short resume
Dr. Sci. Timo Kiravuo has been working on security since the 1980s, both in the field and in academia. He is a generalist who likes to take a holistic look at things and to see all sides of the problem, considering security just one aspect of an issue. He has worked at the cybersecurity company Nixu in Finland, taught security at Helsinki University of Technology and got his doctorate at Aalto University, into which HUT merged. Recently he has been back in the field as a consultant, while teaching at Aalto and Metropolia in Helsinki.