Device Cybersecurity

Connected. Conformant. Compliant.

Cybersecurity is changing. What was once the sole concern of IT and financial services companies is now becoming relevant to a much broader group of organisations. Manufacturers are not immune.

Under legislation like the Product Security and Telecommunications Infrastructure Act and the Cyber Resilience Act, manufacturers of everything from thermostats to smartwatches face pressure to demonstrate the security of their devices. Fail to do so, and significant fines—and even criminal liability—lie in wait.

With complete Device Cybersecurity services from Consult Red, you can be confident in your conformance.

Self-Assessment

Take 2 minutes to check your compliance

Is your device secure and ready for EU cybersecurity legislation?

Take our free self-assessment to find out now.

Quick Guide

6 key considerations for Device Cybersecurity compliance

Learn what can go wrong if they are not addressed and how threats can be mitigated as part of good device design and development.

Article

CVE Monitoring Demystified: Why It’s Essential for Cybersecurity

CVEs are a way of formalising known vulnerabilities so that they can be resolved by everyone who has the affected software.

Consult Red | GET-Secure

Device and Process Cybersecurity Activation Services

• Security Foundations
We ensure your device and processes are built on a secure architecture.

• Security Implementation
We integrate the essential security features your device needs to stay protected.

• Security Assurance
We verify your device meets compliance and security standards, giving you peace of mind.


Our Goals

• Build secure processes
• Make your product secure
• Verify your secure product

Consult Red | STAY-Secure

Device and Process Cybersecurity Maintenance Services

• Security Monitoring
We track evolving threats and keep your device safe from external risks.

• Security Control
We manage security controls in your development process to prevent vulnerabilities.

• Security Response
We handle security incidents fast and effectively to keep your device secure.


Our Goal

• Operate secure processes to keep your product secure

Cybersecurity Legislation applying to Connected Devices

EU Cyber Resilience Act (CRA)

Applicability: EU

In force: Full application from 11 December 2027; some obligations start in September 2026

Applies to: Products with digital elements (hardware or software)

Requirements: Products must be secure by design, maintained throughout their lifecycle, and meet mandatory cybersecurity obligations, including vulnerability management and reporting

Compliance: High-risk products must use notified body review; others can use self-assessment with harmonised standards (currently in development)

UK Product Security and Telecommunications Infrastructure (PSTI) Act


Applicability: UK

In force: Now

Applies to: Consumer connectable products (IoT devices) capable of connecting to the internet or other networks

Requirements: Devices must not use default passwords, must provide a vulnerability reporting channel, and must inform the consumer about the period during which they can expect to receive security updates

Compliance: Manufacturers, importers, and distributors must issue a Statement of Compliance and meet PSTI security obligations before sale.

EU Radio Equipment Directive (EU RED) – Cybersecurity Requirements


Applicability: EU

In force: Now

Applies to: Radio equipment that can communicate over networks (e.g., Wi-Fi, Bluetooth, cellular)

Requirements: 13 categories of security mechanisms, including secure storage and communication, secure updates, and security best practices

Compliance: The manufacturer must self-certify compliance with EN 18031 standards, or use a Notified Body

   

Penalties for non-compliance

The legislation comes with tough penalties for non-compliance:

EU Cyber Resilience Act

  • Up to €15m or 2.5% of worldwide annual turnover – whichever is greater

UK PSTI

  • Up to £10m or 4% of annual turnover – whichever is greater

EU Radio Equipment Directive

  • Penalties vary by member state
  • Potential criminal liability

The path to cybersecurity compliance

The steps below assume an existing solution that is believed not to be fully compliant. Project duration depends on the nature of the product and the number and size of the gaps.

  • Planning

    • Identify products that are in scope
    • Identify technical characteristics of the products
    • Estimate the size of the problem
  • Gap analysis

    • Audit existing implementation against requirements laid out in the standards and identify areas of non-compliance
    • May include an element of testing, where existing level of compliance is not clear
  • Architecture and design

    • Design a solution that addresses the requirements. This may include:
      • Software changes
      • Hardware changes
      • Process changes
      • Changes to supporting infrastructure
  • Implementation

    • Implement the changes
    • Test the changes to ensure they operate as intended
  • Post-deployment

    • Receive reports of in-field security issues and respond to these
    • Monitor vulnerability databases for newly discovered vulnerabilities that may affect your product, and issue security updates to fix these
    • Review the security implications of any new feature updates to the device

Connected. Conformant. Compliant.

For more than two decades, Consult Red has helped manufacturers and OEMs to overcome their most challenging cybersecurity hurdles. Across set-top boxes, IoT chipsets, modems, and more, we’ve tackled everything from secure communication and access control through to network monitoring and anti-denial-of-service. So, whatever the device, and whatever your need, we can do the same for you.

Be confident in your device cybersecurity, with Consult Red. Get in touch to learn more about our Device Cybersecurity services and how we can help you meet new legislative requirements.
