MBSE for Cyber Resilience Act (CRA) Compliance

After explaining how MBSE can support cybersecurity efforts in the context of the NIS2 directive, in this new article, I explore the benefits of MBSE for another key cybersecurity regulation: the Cyber Resilience Act. The Cyber Resilience Act, a product-centric shift in cybersecurity regulation. Following the growing number of cyber threats targeting connected products, the European Union adopt...

MBSE for NIS2 Compliance in Cyber-Physical Systems

In a recent article, Stephane Lacrampe explained why MBSE is Becoming Essential for Modern Cybersecurity, especially for designing secure and resilient systems. Building on this perspective, this article explores how MBSE can support cybersecurity efforts in the context of the NIS2 directive. NIS2, a major shift in cybersecurity regulation. With the NIS2 Directive, the European Union has signifi...

Why MBSE is Becoming Essential for Modern Cybersecurity

Cybersecurity is no longer a secondary concern. It has become a strategic priority across all industries. Attacks are increasing in frequency, growing in sophistication, and now target critical infrastructures, industrial systems, and complex engineered products. Several factors explain this trend. The widespread adoption of connected systems significantly expands the attack surface. The growing i...

Analyzing NIS2 Compliance with ArchiMate

In my previous article (Continuous Enterprise Architecture, a lever for NIS2), I explained how a Continuous Enterprise Architecture (AEC) approach makes it possible to structure compliance with NIS2. But how can this approach be translated concretely into an architecture model? This is where ArchiMate comes in, the standard language for modeling the architecture of enter...

Continuous Enterprise Architecture, a lever for NIS2

At a time when cyber resilience is becoming a strategic imperative, the NIS2 directive requires affected organizations (essential or important sectors) to evolve their cybersecurity posture, governance, and processes. This evolution cannot be only “one-off” or technical. It requires a holistic view of the organization, its governance, its processes, its information systems, and its technologies. T...

A two-day panel on the Cyber Resilience Act (CRA)

Thanks to the Eclipse Foundation, and as a member of the Open Regulatory Compliance Working Group (ORC WG), I had the opportunity to participate in a panel at an exciting event on the Cyber Resilience Act (CRA), organized as a prelude to FOSDEM! We explored the impact of this regulation on the open source ecosystem, its legal implications, and the challenges we face together. It was an incredib...