Torizon can lower the effort and cost to comply with regulations and keep your focus on the unique value of your products and not on the effort to clear checkboxes in security requirement guidelines.
The newly proposed EU Cyber Resilience Act is highly relevant for the Industrial Internet of Things (IIoT), Industrial Automation & Control Systems, and general-purpose microprocessors. It is driven by the enormous cost caused by cybercrime, estimated at EUR 5.5 trillion in 2021. The EU understands that this is caused by low cybersecurity standards in hardware and software and by the inability of users to choose products with adequate security due to missing transparency. The penalties for non-compliance are up to €15 million or 2.5 percent of global annual turnover.
Some of the requirements of the Cyber Resilience Act:
- Communication about vulnerabilities
- No delay in patching the vulnerabilities
- Secure-by-default configuration
- Cybersecurity risk assessment
- Software Bill of Materials (SBOM) requirements
Torizon can simplify compliance with the upcoming Cyber Resilience Act.
Software update security: Common mistakes
This is part 3 of our 7-part series about over-the-air software updates. In part 1, we told you about all the reasons it's important to be able to deliver software updates remotely, and in part 2 we wrote about all the reasons software update systems are dangerous. Today, we're looking at ways to protect your software update system that might seem secure at first glance, but aren't—with famous real-world failures for each example.
The dangers of remote updates
This is part 2 of our 7-part series about over-the-air software updates. In part 1, we told you about all the reasons it's important to be able to deliver software updates remotely - in today's world, you can't keep any connected device secure unless you can update it. Today's post, though, goes in the opposite direction: we're going to look at why software update systems can be incredibly dangerous, and why you should treat them with skepticism and caution.
Why do we need remote updates for connected devices?
With the explosion of internet-connected devices in recent years, there has been an industry-wide realization of the need to keep these devices updated throughout their lifetime. This is the first part of a series that will explore the concept of remote over-the-air (OTA) updates, providing designers details they will need when implementing remote OTA update solutions into their systems. We will especially focus on the important security aspects. We'll start with the basics.
Cybersecurity and Software Updates in Medical Devices
It is important for medical device manufacturers to regularly update their devices to ensure that they are secure and function properly. Today, the widespread use of connected IoT device fleets, along with escalating concern over cybersecurity, has made that process even more critical. The FDA recommends that medical device manufacturers have a process to do this securely and in a timely manner.
Enhanced Cybersecurity and FIPS 140-2 Compliance using NXP® i.MX 8X
The road to cybersecurity compliance for regulated applications in the utilities, medical, and defense industries can be difficult. Achieving the required certifications can significantly increase development time and cost, which can significantly delay a product launch.
TorizonCore runs on most of our newer modules! Leverage a fully integrated stack and start developing today.
TorizonCore is fully Open Source! We provide references on how to integrate it with your own hardware. Do it yourself or with our partners!
To kick-start your evaluation, choose from these Starter Kits to profit from the tight software-hardware integration.