Cybersecurity for embedded systems

Cybersecurity - the protection of information systems, networks and digital and physical infrastructures - is now an important quality feature of networked systems and components and is regulated by law in many industries. For example, the Cyber Resilience Act (CRA) or ‘Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products “with digital elements” is a comprehensive set of rules that defines minimum requirements for the cybersecurity of products with digital elements.

With comprehensive services and pre-qualified solution modules, NewTec supports component manufacturers, system integrators and operators (OEMs) in mastering the associated challenges and fulfilling the legal requirements - for example the Cyber Resilience Act (CRA).

1. Enablement of your organisation:

We support the optimisation of security and development processes. Using a GAP analysis, we determine the maturity level of your processes and support the introduction of compliant processes, for example in accordance with the requirements of the Cyber Resilience Act (CRA). We also create the necessary documentation and strengthen security awareness in your company with workshops and training sessions.

2. Security product development

We support you in the secure and compliant development of your products. This includes product classification in accordance with the CRA and the creation of a cyber security management plan. We support the development and documentation in accordance with relevant requirements, such as the Cyber Resilience Act (CRA), and carry out comprehensive risk analyses across the entire product life cycle (TARA, IRA, DRA). We also develop secure update strategies and advise you on compliance testing to ensure fulfilment of legal requirements. Ready-to-use system modules (platforms) for secure IoT solutions accelerate your development.

3. Secure operation & incident management

We take over the protection and monitoring of your systems for you through automated vulnerability monitoring and effective vulnerability management. We also optimise your update management to close security gaps at an early stage. In the event of security incidents, we offer continuous support through a customised Product Security Incident Response Team (PSIRT). We also provide a public key infrastructure (PKI) to ensure secure communication and authentication.

 

What is Embedded Security?

Embedded security comprises measures to ensure the information security (IT security) of embedded systems. Embedded systems are information-processing systems that are integrated into a larger system and perform certain functions within it (e.g., monitoring, control and regulation, filtering, etc.). Today, such systems are used in a variety of devices and systems, often also in safety-critical application areas such as production environments, medical technology, vehicles or industrial IoT scenarios.

In such embedded systems, special security requirements apply, for example, in terms of availability, tamper resistance, response times (real-time) or the protection of sensitive data. They must be secured against a wide range of possible attack methods, from remote attacks or reading of communications to local manipulation of hardware and supply chain attacks (e.g., on update processes). Complex, often divergent requirements in terms of functionality, cybersecurity and functional safety must be mastered.

Our services in the area of embedded security

In order to implement these complex requirements, NewTec offers a wide range of services and platform solutions for structured security engineering, covering the complete lifecycle of embedded systems. Our offering includes services, pre-qualified hardware and software building blocks, training and consulting on all aspects of embedded security - from system design to secure operation.

Security Management: Holistic Process Consulting

NewTec's proven security management process - NTSecurityManagementProcess - complements your existing product engineering processes (PEP) with a structured approach to reconcile all requirements from the areas of system development, security and safety and to ensure their implementation. If you wish, we can train and advise your team during the introduction of your security management process or strengthen your project team on site.

Added value for your processes

• Processes compliant with IEC 62443
• Basis for conformity declaration or certification
• Exclusion of liability risks
• Structured controlled process
• Transparency of development steps
• Higher product quality 

NewTec Security Services: from concept to operation

NewTec offers a wide range of solutions and services for embedded security engineering, covering the complete lifecycle of your system - from system concept to project implementation and secure operation.

Expert Services to secure your products
System and requirements analyses, security concepts incl. secure update strategies, reviews, penetration & security robustness testing, interim security manager

Engineering and integration support
from system development to security and safety engineering to system integration

Managed services for securing the operation
Tailored operational concepts and managed services including continuous testing for new threats and compliance with security standards as well as incident and obsolescence management for security-related components

Security know-how for your employees: workshops, trainings, seminars
We help you to build up security know-how yourself and to sensitize your employees to information security issues. Learn more about our complete training program.

NTSecureCloudSolutions: System components for secure IoT solutions

Our hardware platforms for embedded systems with end-to-end encryption (NTSecureCloudSolutions) help you bring your secure IoT system to market quickly and without major development effort.

Your benefits

• Highly secure IoT applications with hardware-based end-to-end encryption
• Shorter time-to-market
• Cost savings for development and certification
• Flexibility due to numerous communication interfaces

The NTSecureCloudSolutions include security nodes for cloud connection of sensors and IoT devices (NTSecureNode), a secure IoT gateway (NTSecureGateway), software for trusted communication with cloud services (NTSecureCloudConnector), a highly secure cloud database (NTSecureCloud), and cloud-based data analysis services for various applications.