The CRA forces manufacturers to protect their embedded systems properly against cybersecurity threats. Otherwise, they face heavy penalties and sales bans. We provide practical tips, how to perform a risk assessment, which security measures are enough to satisfy the essential product requirements, how to tame the thousands of vulnerabilities, and whether it's worth to make an embedded system comply with the CRA at all.
If a product is placed on the EU market before 11 December 2027 and is subject to a substantial modification after that date, it must satisfy all the rules of the Cyber Resilience Act (CRA) from the modification date onwards
As a machine or device manufacturer, you probably have some sleepless nights because of the Cyber Resilience Act (CRA). What do you have to do so that you can sell your products after 11 December 2027 and don't
Overview of my posts and talks about risk assessment of the essential product requirements of the EU Cyber Resilience Act (CRA).
When we look closer at the support period, we'll find more and more interesting questions. * Does the support period start, when the end user buys a product or when a product is released, manufactured or sold for the
According to Annex I Part II of the EU CRA, manufacturers must actively search for vulnerabilities in their embedded devices, fix them and publicly disclose them to their users and the cybersecurity authorities. Manufacturers must implement a process to release
Every manufacturer must implement the essential requirements in Annex 1 Part 1 of the EU CRA in their products. They must also document how they comply with the essential requirements in a conformity assessment. The wording of the essential requirements
Which devices are covered by the EU Cyber Resilience Act (EU CRA)? * An X-ray fluorescence (XRF) analyser connected with the Internet over WiFi. * A metal-sheet bending machine with an Ethernet port, which will only be used in the future. * The
Unlike consumer devices, machines, ECUs or medical devices are in the field for 15 or more years. There inevitably comes the time in their life, when you must update their boot loader. I'll show you how to do
Security researchers from TrendMicro and the Technical University of Milano explain in a blog post "The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard" and a video how to switch off any electronic control unit (ECU)