
European Union Council adopts cyber resilience law… In Korea, SW supply chain security is


With the Council of the European Union (EU) adopting the Cyber Resilience Act, which makes a software bill of materials (SBOM) mandatory for digital products (services) sold in the region, efforts to strengthen software supply chain security are gaining speed. The Korean government has also formed a joint public-private task force (TF) and begun preparing a SW supply chain security roadmap.

According to foreign media on the 18th, the EU Council adopted the Cyber Resilience Act on the 10th, establishing cybersecurity requirements for products containing digital elements such as laptops, mobile devices, home cameras, and refrigerators. The act is set to take effect 20 days after being signed by the President of the European Council and the President of the European Parliament. Full application begins 36 months after entry into force.

The goal of the Cyber Resilience Act is to regulate cybersecurity requirements for digital products (services) sold within the EU. It applies to all products directly or indirectly connected to other devices or networks, with some exclusions, such as medical devices, aviation products, and automobiles, to which cybersecurity regulations already apply.

In particular, it requires SW companies to create and provide an SBOM. An SBOM is a detailed list of all components, licenses, and version information included in a SW product. The key is to increase supply chain transparency by making SW components and their sources clear.

The EU expects that consumers will take cybersecurity into account when choosing and using products with digital elements, and will be able to select products with cybersecurity features more easily.

Following the ‘National Cyber Security Strategy’ announced in February, the Korean government is also taking measures to strengthen supply chain security, emphasizing it as one of the important strategic goals in the ‘National Cyber Security Basic Plan’ last month. Also last month, the National Intelligence Service and the Ministry of Science and ICT launched a SW supply chain security task force and announced plans to establish security policies, including public sector SW security standards, by January next year. The plan is to release a step-by-step roadmap with the goal of implementation in 2027.

SW supply chain security is not only a security issue of responding to cyber threats, but also an economic issue that hinders exports. This is because the SBOM required by the EU may act as a trade barrier for Korean SW companies. This is why the TF has a separate international trade group among its eight working groups. The International Trade Working Group seeks ways to increase the export capabilities of domestic SW companies, such as preparing SBOMs.

Efforts to foster SW supply chain talent are also in full swing. A representative example is the development of the National Competency Standards (NCS). The SW supply chain security NCS is scheduled to be newly established under information and communication (major category) – information technology (middle category) – information protection (subcategory). It is expected to clearly define the essential capabilities and knowledge that SW supply chain security personnel must have, and to provide the basis for curriculum development and human resources training programs built on them.

Reporter Jo Jae-hak 2jh@etnews.com
