Embedded Security

Security requirements are nowadays considered as a design goal in the development of networked devices and components in order to ensure the reliable and trouble-free operation of systems. The Critical Infrastructure Protection (CIP) even requires legal measures that affect the utility industry, the health sector and the transport industry. Especially in industrial IT, espionage, and targeted attacks on data as well as intellectual property constitute new risk and threat scenarios. embeX complies with them with a comprehensive range of services for Security by Design.

Our experts are certified to ONR 49003 (“Risk Management for Organizations and Systems”) and ensure secure products from development to the end of the product lifecycle.

Engineering Services

  • Risk analysis
  • Risk assessment
  • Threat Modeling
  • Consulting on IT security at system level
  • Consulting on embedded security at the component level
  • Creation of security concepts
  • Consulting on the selection of operating systems
  • Secure coding
  • Static code analysis
  • Fuzzing tests for robustness
  • Penetration tests
  • Product Life Cycle Support

Risk Analysis 

  • Confidentiality
  • Integrity of the data
  • Availability of the function
  • Authenticity
  • Legal certainty
  • Personality rights

Secure Communication

  • OPC-UA
  • MQTT as basis
  • Modbus TCP as basis
  • Bluetooth
  • WiFi
  • Customer specific solutions

Standards and Directives

We are currently certified according to ISO / IEC 27001 and work among others according to the following guidelines and standards:

  • ISO 31000: “Risk management - Guidelines”
  • ISO 31000: “Information technology - Security techniques - Network security”
  • IEC 15408: “Common criteria”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • IEC TR 63069: “Industrial-process measurement, control and automation - Framework for functional safety and security”
  • IEC TR 63074: “Security aspects related to functional safety of safety-related control systems”
  • NIST SP 800: “Cybersecurity framework”
  • ETSI Cyber Security Technical Committee (ETSI TC)
  • Guidances for FDA
    • “Premarket Submissions for Management of Cybersecurity in Medical Device”
    • “Postmarket Management of Cybersecurity in Medical Device”
  • IEC 50159: “Railway applications. Communication, signalling and processing systems. Safety-related communication in transmission systems”

Note: The above mentioned IEC standards are still partially in the draft stage. Nevertheless, their consideration in development projects with regard to the current security requirements is highly recommended. While the responsibility for meeting security requirements has recently been assigned to plant operators (for example, concepts such as “Defense in Depth”), legislators are currently expecting substantial contributions from component manufacturers.

Who to contact

 

Lukas Fey

IT Security Consultant

Fon:     +49 761 479799-301

l.fey@embeX.de

Contact

Tel.: +49 761 479799-301
l.fey@embeX.de