Get in touch to learn more about our Device Cybersecurity services and how Consult Red can help you meet new legislative requirements.
Get in touch to learn more about our Device Cybersecurity services and how Consult Red can help you meet new legislative requirements.
Device Cybersecurity
Is your connected device secure?
The security of connected devices and systems should be a primary consideration for any product manufacturer or designer, ensuring their products and end-users are safe from hackers and other online threats.
New legislation is being introduced to ensure device cybersecurity best practices are being met and to help protect digital devices, networks and data from cyber threats.
Cybersecurity legislation
Cybersecurity legislation is being introduced to protect digital systems and personal information from cyber threats.
EU: Radio Equipment Directive Article 3(3)(d), (e) and (f)
- Harmonised standards EN 18031-1, –2 and -3
UK: Product Security and Telecommunications Infrastructure Act 2022
- Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
- Reference ESTI EN 303 645
Additional legislation will follow, including the EU Cyber Resilience Act.
Legislation spotlight: EU Radio Equipment Directive / EN 18031
There are three types of device functionality covered by the EU Radio Equipment Directive (RED) cybersecurity requirements:
Internet Connected Radio Equipment (Art 3(3)(d)/Part 1)
- Any device that connects to the internet, whether directly or via other equipment
- e.g. DSL modem, smart thermostat, Wi-Fi printer
AIM: Protect the network
Equipment that processes personal, traffic or location data (Art 3(3)(e)/ Part 2)
- And which is either internet-connected, used for childcare, a toy, or wearable device
- e.g. smart baby monitor, smartwatch
AIM: Protect personal data
Equipment that processes money, stored value or virtual currency (Art 3(3)(f)/ Part 3)
- And which is internet-connected
- e.g. card payment terminal, ATM, vending machine
AIM: Protect against fraud
Aspects covered by the legislation
Penalties for non-compliance
The new legislations come with tough penalties for non-compliance:
UK PSTI
- Up to £10m or 4% of annual turnover – whichever is greater
EU Radio Equipment Directive
- Penalties vary by member state
- Potential criminal liability
EU Cyber Resilience Act
- Up to €15m or 2.5% of worldwide annual turnover – whichever is greater
Levels of readiness
In our experience, the extent to which a device manufacturer has considered cybersecurity within their existing architecture, design and implementation falls within three broad categories. Which level you are at will influence the amount of work and time taken to become compliant with the standards.
Solving your Device Cybersecurity challenges
With a range of Advisory, Compliance, Implementation, Deployment & In-Life services, our expert team are ready to support your cybersecurity challenges.
Gap Analysis Service
You don’t know whether your device has all the required security features or you aren’t sure whether you have all the necessary documentation.
We will analyse what you have already and identify where there are gaps to be filled.
Compliance Service
You need someone with expertise to perform compliance testing or you want to speed up your self-certification process.
We can use our experience to verify your compliance with the EN 18031 standards and our tools to speed up the process.
Implementation Service
You need help to add security mechanisms to your product so that it complies with EN 18031.
We have full stack, chip-to-cloud engineering capabilities and extensive experience with security on all types of embedded and IoT devices.
Deployment & In-life Services
You need to ensure security as and after your devices are deployed to the field.
We can help with secure deployment, analysing security logs, managing security issue reports and more.
Advisory Services
You just need advice from a trusted, experienced partner.
We can help with cybersecurity-related problems.