Information security for networked industrial products has become an almost obligatory design target for their development. IT and system security and safe M2M communication as well as data connections to ERP or cloud applications must be defined as product features, implemented economically and must be retained throughout the life cycle.
Improve competitive advantages with cyber security
Security by design as well as security updates (patch management) across the life cycle are product features that are in high demand. Norms such as IEC 15408, IEC 62443, IEC 62304, IEC 21434 and UN-ECE R 155/156 increasingly form the regulatory framework and define the requirements. This offers the opportunity of obtaining competitive advantages through sustainable information security.
For this purpose, the requirements resulting from the specific application context must be analysed and realized. Furthermore, comprehensible processes, methods and tools for software management must be provided. We support you with cyber security management and monitoring.
Our cyber security solutions include:
- Consideration of security for the device under construction
- Analysis of scenarios for attacks on the product
- Selection and evaluation of protection measures
- Development of hardened embedded Linux systems
- Secure boot for integrity of operating system and application
- Container concepts for isolation of applications
- Secure inter-process communication
- Encrypted diagnosis data for internal system conditions
- Encrypted operating data for the logging of events
- Secured network connection with encryption
- Infrastructure for the creation of software updates (security patches)
- Process for checking the integrity of software updates on the system
- Automated tests of the system integrity and configuration
- Maintenance of the system / security monitoring
Specific security targets are derived, for example, from the requirements on manipulation security (integrity), confidentiality and the availability of the device. They are also important in connection with the protection of person-related or competition-relevant data (e.g. machine data), the intellectual property of the manufacturer and the integrity of, for example, sensor data. The achievement of these targets very often has to be proven through risk analysis, supplier and IT compliance declarations, and audits.
BEST PRACTICERademacher Geräte-Elektronik GmbH
Increased cyber security through maintainability
In the development of the HomePilots® emlix was responsible for the conception of an embedded Linux-based platform.
The focus of the project was on the high security demands, because the intelligent devices transmit personal data such as camera material to the control unit. Furthermore, emlix is supporting Rademacher in maintaining the IT security of the product throughout its entire life cycle.