Practical Industrial Security: Real-World Lessons from Complex HVDC Projects

We’re excited to announce that our colleague Jan Grotelüschen (GAI NetConsult GmbH) will be speaking at the Industrial Security Conference 2025 in Copenhagen, alongside Simon Gustafson (Amprion GmbH) and co-author Stephan Beirer (GAI NetConsult GmbH).

Topic of the presentation:
Staying on course in a volatile environment: OT security in complex large-scale HVDC projects – a real-life example

https://insightevents.dk/isc-cph/sessions/staying-on-course-in-a-volatile-environment-ot-security-in-complex-large-scale-hvdc-projects-a-real-life-example/

At a glance:

Amprion is currently implementing massive offshore grid connection projects such as BorWin4/DolWin4 and BalWin1/BalWin2. These high-voltage direct current (HVDC) lines span up to 380 km and deliver 5.8 GW of power per project – enough to supply electricity to nearly 6 million people.
In this presentation, the speakers, who are largely responsible for the specification and monitoring of the implementation of OT security for this HVDC project, will present the projects itself and report on the cyber security challenges and lessons learnt.

Key OT Security Challenges Covered:
• Dynamic regulation: Adapting to evolving frameworks like NIS-2, RCE, CRA – even mid-project
• Technology vs. longevity: IT/OT convergence meets decades-long system life cycles
• Managing uncertainty: Constant change in technologies, requirements, and stakeholders

This session provides real-world insights into securing critical infrastructure under real conditions – including what worked, what didn’t, and how lessons learned are shaping better security strategies.

More about the industrial security conference: https://www.linkedin.com/company/industrial-security-conference-cph/posts/?feedView=all

It’s happening at 1PM ET—don’t miss it!

CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations
Register now: https://openssf.org/resources/tech-talks/tech-talk-cra-ready/
Where: Zoom!

What does the EU’s #CRA mean for open source—and how can your project stay ahead?

It’s almost here!

Tomorrow, we break down what the EU Cyber Resilience Act (#CRA)really means for open source.

If you haven’t registered yet—now’s the time.

https://openssf.org/resources/tech-talks/tech-talk-cra-ready/

The EU’s Cyber Resilience Act (#CRA) is reshaping how open source projects approach risk and compliance.

Join our webinar on 24 June to learn about the resource the ORC community is developing to support the open source projects and users with CRA compliance.
Don’t miss it! https://www.crowdcast.io/c/cra2506

Join us June 26 at the #openSUSE Conference in #Nuremberg for a full day of #workshops focused on the #Cyber Resilience Act (#CRA) & #NIS2 Directive.
How will new #EU laws shape the future of #opensource? Discover what #SMEs need to know!
#CyberSecurity https://events.opensuse.org/

"They want an arrangement that perpetuates racial inequality indefinitely while retaining some plausible deniability, a rigged system that maintains a mirage of equal opportunity while maintaining an unofficial racial hierarchy. Like elections in authoritarian countries where the autocrat is always reelected in a landslide, they want a system in which they never risk losing but can still pretend they won fairly."

https://www.theatlantic.com/politics/archive/2025/02/trump-attacks-dei/681772/
#DEI #DonaldTrump #USpol #CRA

“If I learned something during the last two years, it was all because of my misconceptions that I had.”

Fukami's #CRAMondays talk is a must-watch for anyone navigating EU tech policy and the Cyber Resilience Act (#CRA).

Watch now to learn from his experience: https://youtu.be/7CbHwsKVD80

3 days to go!

Join us this Thursday for an OpenSSF Tech Talk on the EU #CRA and how it’s changing the game for open source software.

Register now & mark your calendar: https://openssf.org/resources/tech-talks/tech-talk-cra-ready/

Heading home after 3 days representing #TYPO3 at #wceu2025. Fabulous meetings with great people — and the opportunity to also speak for #drupal + #joomla when asking #WordPress to join our work to prepare for the #CRA in #EU. #MeetTYPO3 #OpenSource #FOSS @typo3 @WordPress

"If someone is simply a developer of open-source software, which they don't monetize, they have no obligations under the #CRA. But they can help vendors who do have those obligations choose real change over paperwork-only 'compliance' by having a clear reporting channel for security vulnerabilities and a way to announce to users when those vulnerabilities are discovered." – Rybczyńska said. https://lwn.net/SubscriberLink/1023306/10d7857d27b8e358/

Trying to understand how the Cyber Resilience Act (#CRA) affects open source?

Fukami, EU Policy Advisor at the OpenSSF, shared at the #CRAMondays session a visual map of the landscape — regulations, actors, responsibilities — and how it all connects.

Watch the recording: https://youtu.be/7CbHwsKVD80

https://www.europesays.com/fr/155585/ Sans-papiers : l’État veut créer un local de rétention administrative à la Capelette #actu #Actualités #CRA #EU #europe #FR #France #lra #Marseille #News #prefecturedesbouchesdurhone #ProvenceAlpesCôteD'Azur #RépubliqueFrançaise #Zalu

The Jewish National Fund of Canada has lost another bid to overturn the CRA's revocation of its charitable status.

“The revocation is a victory against an important arm of a racist colonial movement that’s stolen Palestinian land for over a century.”

Obviously it is not “charitable” to support apartheid and genocide.

#Canada #Zionism #Israel #Genocide #TaxDeductible #FreePalestine #CRA
https://www.justpeaceadvocates.ca/breaking-news-jnf-loses-another-court-appeal/

Don’t miss this on-demand webinar from the #ORCWG covering the EU’s Cyber Resilience Act (CRA) standards, including their production timeline! https://buff.ly/3QmMYMO

Are you a steward? A manufacturer? Or... neither?

The #CRA draws new legal lines for open source software—especially around who’s responsible for what.

Get the clarity you need in this must-read blog from Mike Bursell, Co-chair, OpenSSF Cyber Policy Working Group.

Read the blog : https://openssf.org/blog/2025/06/02/oss-and-the-cra-am-i-a-manufacturer-or-a-steward/

What is the New Legislative Framework (NLF), and how does it shape EU product legislation, including the Cyber Resilience Act (#CRA)?

In this episode of #CRAMondays, Fukami, EU Policy Advisor at the OpenSSF, breaks down the NLF as the legal backbone supporting the enforcement of internal market rules in the EU.

Watch the recording to get a clearer understanding of how the NLF provides a common framework for future legislation: https://youtu.be/7CbHwsKVD80

Now at #tdose in Katoen kamer, a workshop by Michael August Bournique
on The Cyber Resilience Act for Open Source Projects.
@AugustB
#CRA

#CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations?

Join us for a #TechTalk that breaks down what #OSS maintainers, developers, and vendors need to know — and do — to prepare.

Register now: https://openssf.org/resources/tech-talks/tech-talk-cra-ready/

Es kommt, wie es kommen musste - und das ist auch gut so: Nachdem geraume Zeit unklar war, wie sich denn nun die delegierte Verordnung zur Radio Equipment Directive (#RED) und der #EU Cyber Resilience Act (#CRA) zueinander verhalten, gibt es nun in Bälde mehr Klarheit: Der Delegated Act soll pünktlich mit dem Wirksamwerden des CRA im Dezember 2027 aufgehoben werden.

Und das macht auch Sinn, denn auch die #Funkanlagen werden vom CRA erfasst:

https://circabc.europa.eu/ui/group/43315f45-aaa7-44dc-9405-a86f639003fe/library/12166519-54dd-4466-991b-7012d258f9d1/details #cybersecurity