engineering the
embedded world

Embedded Security

Security requirements are nowadays considered as a design goal in the development of networked devices and components in order to ensure the reliable and trouble-free operation of systems. The Critical Infrastructure Protection (CIP) even requires legal measures that affect the utility industry, the health sector and the transport industry. Especially in industrial IT, espionage, and targeted attacks on data as well as intellectual property constitute new risk and threat scenarios. embeX complies with them with a comprehensive range of services for Security by Design.

Our experts are certified to ISO 31000 (“Risk Management”) and ensure secure products from development to the end of the product lifecycle.

Engineering Services

  • Risk analysis
  • Risk assessment
  • Threat Modeling
  • Consulting on IT security at system level
  • Consulting on embedded security at the component level
  • Creation of security concepts
  • Consulting on the selection of operating systems
  • Secure coding
  • Static code analysis
  • Fuzzing tests for robustness
  • Penetration tests
  • Product life cycle support
    • Should you become aware of a security gap in our products, please contact us confidentially at the address below.

Risk Analysis 

  • Confidentiality
  • Integrity of the data
  • Availability of the function
  • Authenticity
  • Legal certainty
  • Personality rights

Secure Communication

  • OPC-UA
  • MQTT as basis
  • Modbus TCP as basis
  • Bluetooth
  • WiFi
  • Customer specific solutions

Protecting Functional Safety by Cyber Security

Standards and Directives

We work according to the following guidelines and standards:

  • ISO 31000: “Risk management - Guidelines”
  • IEC 27033: “Information technology - Security techniques - Network security”
  • IEC 27034: “Information technology - Application security”
  • IEC 15408: “Common criteria”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • NIST SP 800: “Cybersecurity framework”
  • ETSI Cyber Security Technical Committee (ETSI TC)
  • Medical Device Certification Group: MDCG 2019-16: “Guidance on Cybersecurity”
  • Guidances for FDA
    • “Premarket Submissions for Management of Cybersecurity in Medical Device”
    • “Postmarket Management of Cybersecurity in Medical Device”

Further Reading

Secure Communication based on ProfiNet

Who to contact

 

Lukas Fey

Head of Department Cyber Security

Fon:     +49 761 479799-301

l.fey(at)embeX.de

For secure communication please use the Open PGP Public Key

Hashwert SHA1: 15AD15CE1FCA1B2ECFD3A7B8CA251835CFF0B071

Contact

Tel.: +49 761 479799-301
l.fey(at)embeX.de