Get in touch to learn more about our Device Cybersecurity services and how Consult Red can help you meet new legislative requirements.
Device Cybersecurity
Connected. Conformant. Compliant.
Cybersecurity is changing. What was once the sole concern of IT and financial services companies is now becoming relevant to a much broader group of organisations. Manufacturers are not immune.
Under legislation like the Product Security and Telecommunications Infrastructure Act and the Cyber Resilience Act, manufacturers of everything from thermostats to smartwatches face pressure to demonstrate the security of their devices. Fail to do so, and significant fines—and even criminal liability—lie in wait.
With Device Cybersecurity services from Consult Red, you can be confident about your conformance.
Cybersecurity legislation
Cybersecurity legislation is being introduced to protect digital systems and personal information from cyber threats.
EU: Radio Equipment Directive Article 3(3)(d), (e) and (f)
- Harmonised standards EN 18031-1, -2 and -3
UK: Product Security and Telecommunications Infrastructure Act 2022
- Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
- Reference ETSI EN 303 645
Additional legislation will follow, including the EU Cyber Resilience Act.
Legislation spotlight: EU Radio Equipment Directive / EN 18031
There are three types of device functionality covered by the EU Radio Equipment Directive (RED) cybersecurity requirements:
Internet Connected Radio Equipment (Art 3(3)(d)/Part 1)
- Any device that connects to the internet, whether directly or via other equipment
- e.g. DSL modem, smart thermostat, Wi-Fi printer
AIM: Protect the network
Equipment that processes personal, traffic or location data (Art 3(3)(e)/Part 2)
- And which is either internet-connected, used for childcare, a toy, or wearable device
- e.g. smart baby monitor, smartwatch
AIM: Protect personal data
Equipment that processes money, stored value or virtual currency (Art 3(3)(f)/Part 3)
- And which is internet-connected
- e.g. card payment terminal, ATM, vending machine
AIM: Protect against fraud
Aspects covered by the legislation
Penalties for non-compliance
The new legislation comes with tough penalties for non-compliance:
UK PSTI
- Up to £10m or 4% of annual turnover – whichever is greater
EU Radio Equipment Directive
- Penalties vary by member state
- Potential criminal liability
EU Cyber Resilience Act
- Up to €15m or 2.5% of worldwide annual turnover – whichever is greater
Levels of readiness
In our experience, the extent to which a device manufacturer has considered cybersecurity within their existing architecture, design and implementation falls within three broad categories. Which level you are at will influence the amount of work and time taken to become compliant with the standards.
Solving your Device Cybersecurity challenges
Whether you’re just starting out on your cybersecurity compliance journey, or are facing an issue you can’t overcome, our suite of services provides the specific support you need at every step of the way. From initial gap analysis and changes to your hardware and software, through to comprehensive testing and assessment, our Device Cybersecurity services offer everything you need to ensure your product conforms.
Gap Analysis Service
You don’t know whether your device has all the required security features or you aren’t sure whether you have all the necessary documentation.
We will analyse what you have already and identify where there are gaps to be filled.
Compliance Service
You need someone with expertise to perform compliance testing or you want to speed up your self-certification process.
We can use our experience to verify your compliance with the EN 18031 standards and our tools to speed up the process.
Implementation Service
You need help to add security mechanisms to your product so that it complies with EN 18031.
We have full stack, chip-to-cloud engineering capabilities and extensive experience with security on all types of embedded and IoT devices.
Deployment & In-life Services
You need to ensure security as and after your devices are deployed to the field.
We can help with secure deployment, analysing security logs, managing security issue reports and more.
Advisory Services
You just need advice from a trusted, experienced partner.
We can help with cybersecurity-related problems.
Connected. Conformant. Compliant.
For more than two decades, Consult Red has helped manufacturers and OEMs to overcome their most challenging cybersecurity hurdles. Across set-top boxes, IoT chipsets, modems, and more, we’ve tackled everything from secure communication and access control through to network monitoring and anti-denial-of-service. So, whatever the device, and whatever your need, we can do the same for you.
Be confident in your device cybersecurity, with Consult Red. Get in touch to learn more about our Device Cybersecurity services and how we can help you meet new legislative requirements.