Embedded Product Security

Today, security requirements must be considered as an indispensable design goal in the development of networked products in order to ensure the reliable and trouble-free operation of systems. For renowned manufacturers, it is essential to prevent their branded products from becoming a gateway for malware in the field by ensuring a high level of product security. In the case of Critical Infrastructure (CRITIS), measures are even required by law, affecting the utility industry, the health sector and the transport industry. embeX offers OT cybersecurity of products for these sectors and industrial automation, up to the highest level: SL 4 in accordance with IEC 62443.

The challenge for the development of embedded or OT components lies in the limited resources as compared to IT and the often missing physical access control. embeX is the leading development service provider for OT security and offers a comprehensive range of services: from the idea to the end of the product life cycle including comprehensive PSIRT services.

Certified Products by Certified Developers

Our employees are certified according to the following security norms and standards:

  • ISO 31000 “Risk Management” (TÜV Rheinland)
  • Certified Ethical Hacker CEHv11 (EC Council)

Engineering Services

For the consistent implementation of the security-by-design concept, embeX works systematically according to a proven development process that is also available to customers for adoption. Our offer covers all aspects of development and product life cycle support:

Security Risk Analysis

  • According to CIA Modell
    • Confidentiality
    • Integrity
    • Availablity
  • According to AAA Modell
    • Authentication
    • Authorisation
    • Accounting
  • We prefer to use the STRIDE model
    • Spoofing
    • Tampering
    • Repudiation
    • Information disclosure
    • Denial of service
    • Elevation of privilege

Secure Communication

  • OPC UA
  • MQTT as basis
  • Modbus TCP as basis
  • Bluetooth
  • WiFi
  • ProfiNet as basis
  • Customer specific solutions

Services during the Product Life Cycle

  • Pen Tests
  • Product Security Incident Response Team (PSIRT)

Protecting Functional Safety by Cybersecurity

Standards and Directives

We work according to the following guidelines and standards:

  • ISO 31000: “Risk management - Guidelines”
  • IEC 27033: “Information technology - Security techniques - Network security”
  • IEC 27034: “Information technology - Application security”
  • IEC 15408: “Common criteria”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • NIST SP 800: “Cybersecurity framework”
  • ETSI Cyber Security Technical Committee (ETSI TC)
  • Medical Device Certification Group: MDCG 2019-16: “Guidance on Cybersecurity”
  • Guidances for FDA
    • “Premarket Submissions for Management of Cybersecurity in Medical Device”
    • “Postmarket Management of Cybersecurity in Medical Device”
  • PNO: “PROFINET Security Class 1 Guideline
  • TS 50701: “Railway applications - Cybersecurity”

Who to contact

Lukas Fey

Head of Department Cybersecurity

Fon:     +49 761 479799-301

l.fey(at)embeX.de

Download vCard

For secure communication please use the Open PGP Public Key

Hashwert SHA1: 15AD15CE1FCA1B2ECFD3A7B8CA251835CFF0B071

Contact

Tel.: +49 761 479799-301
l.fey(at)embeX.de