English
Ultra low-power crystal-based 32 kHz oscillator designed in TSMC 22ULL
Industry Expert Blogs
|
The Cyber Resilience Act and its Impact on Embedded SystemsKiviCore BlogJan. 29, 2025 |
The Cyber Resilience Act (CRA) is a regulation introduced by the European Union to enhance the cybersecurity of digital products and services, with a particular focus on the growing risks in the digital supply chain. Set to come into force in late 2024, the EU Cyber Resilience Act aims to protect critical infrastructure by ensuring that all products with digital components meet strict security standards by 2027. The CRA represents a critical step towards building cyber-resilient systems in these sectors. It is important for companies to understand compliance requirements and how to effectively protect embedded systems. The blog post outlines the Cyber Resilience Act (CRA) and its implications for embedded systems, focusing on the need and important steps for manufacturers to meet strict cybersecurity requirements.
The Impact of EU CRA on Embedded Systems
Important things first: manufacturers of devices based on micro-controllers, microprocessors and FPGA systems, as well as ASICs with security-related functions, must take action.
The Cyber Resilience Act (CRA) puts significant pressure on the manufacturers and developers of these systems. The CRA emphasizes a shift towards the principles of "Secure by Design" to ensure that embedded systems are built with robust security mechanisms and protocols from the start.
An important first step is to conduct a Threat and Risk Assessment to identify and assess potential security vulnerabilities. Manufacturers must assess which attacks and exploits can affect the device, regardless of an attacker's motives. Protection measures should be tailored to the device in question, balancing the technical costs against the potential impact.
The essential technical security requirements include different features that products with digital elements must meet depending on the level of risk identified in the risk assessment. In the table below you can find all the technical security requirements for the products mentioned in the rating agency.
