In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis engage in a thought-provoking discussion with cybersecurity expert and Member of European Parliament, Bart Groothuis. The conversation centers around the Cyber Resilience Act (CRA), its implications for cybersecurity globally, and how to address untrustworthy vendors in European networks..

MEP Groothuis, drawing from his experience as Parliament's cybersecurity rapporteur, sheds light on the extensive influence an individual can have in shaping legislation. He emphasizes the importance of understanding the subject matter and leveraging expertise to convince stakeholders, ultimately shaping the language and provisions of the CRA. This insightful perspective highlights the significant role of security professionals in driving meaningful change.

The conversation then delves into the concept of software liability. Groothuis explains how the legislation provides a framework for legal disputes arising from cybersecurity incidents. He emphasizes the need for clear legislation concerning risky vendors, particularly those associated with countries known for offensive espionage programs. Groothuis advocates for de-risking practices and the incorporation of non-technical factors when evaluating software for critical infrastructure.

Throughout the episode, Groothuis’ expertise and passion for cybersecurity legislation shine. His calls for stronger measures against risky vendors and his efforts to ensure the protection of critical infrastructure create a compelling narrative. Listeners gain valuable insights into the complex world of cybersecurity legislation and the vital role it plays in securing our digital landscape.

‍