CRA and secure firmware updates for industrial devices
Proekspert helps device makers prepare for the upcoming CRA.
CRA from a device firmware update perspective
The upcoming EU Cyber Resilience Act (CRA) proposes stricter security requirements for electronic and electric devices sold in the EU. In other words, device makers should:
- have mechanisms to distribute software updates securely.
- provide stable and security updates for their devices to immediately deal with discovered weaknesses.
- provide automatic updates and notifications to deal with discovered weaknesses.
CRA from device makers’ perspective
Most device makers that Proekspert is in contact with are (painfully) aware of the upcoming CRA (7/10). Still, only some are actively working on developing next-gen secure software update solutions (3/10) and integrating crypto chips (TPM) into their new devices and/or developing software infrastructure.
In general, device makers sense that the software-level security measures to protect their devices are no longer enough. Devices should have a hardware-level identity and better measures that can mitigate risk of human error, prevent attacks against devices, and prevent the end-user installing functionalities not intended by the manufacturer.
Public Key Infrastructure (PKI) development is a complex process. It is heavily dependent on a specific organization structure’s complexity, like device- and user permission logic.
Secure software updates by Proekspert
Proekspert develops custom secure firmware update solutions. We help device makers:
- choose and integrate proper microcontrollers (MCU) and TPM chips that provide device security online over the cloud and even in offline premises.
- design and develop PKI and other software infrastructure that help manage device identities and user permissions throughout the business organization.
- develop a remote solution to provide automated or manual device firmware updates over the cloud.
Register here for a free meeting where we will help you to discover how to improve your device security.