Information security for networked industrial products has become an almost obligatory design target for their development. IT and system security and safe M2M communication as well as data connections to ERP or cloud applications must be defined as product features, implemented economically and must be retained throughout the life cycle.

Security by design as well as security updates (patch management) across the life cycle are product features that are in high demand. Norms such as IEC 15408, IEC 62443, IEC 62304, IEC 21434 and UN-ECE R 155/156 increasingly form the regulatory framework and define the requirements. This offers the opportunity of obtaining competitive advantages through sustainable information security.

For this purpose, the requirements resulting from the specific application context must be analysed and realized. Furthermore, comprehensible processes, methods and tools for software management must be provided. We support you with cyber security management and monitoring.

Our cyber security solutions include:

• Consideration of security for the device under construction
• Analysis of scenarios for attacks on the product
• Selection and evaluation of protection measures
• Development of hardened embedded Linux systems
• Secure boot for integrity of operating system and application
• Container concepts for isolation of applications
• Secure inter-process communication
• Encrypted diagnosis data for internal system conditions
• Encrypted operating data for the logging of events
• Secured network connection with encryption
• Infrastructure for the creation of software updates (security patches)
• Process for checking the integrity of software updates on the system
• Automated tests of the system integrity and configuration
• Maintenance of the system / security monitoring

Specific security targets are derived, for example, from the requirements on manipulation security (integrity), confidentiality and the availability of the device. They are also important in connection with the protection of person-related or competition-relevant data (e.g. machine data), the intellectual property of the manufacturer and the integrity of, for example, sensor data. The achievement of these targets very often has to be proven through risk analysis, supplier and IT compliance declarations, and audits.