In the event of a security incident, our Rapid Response Force is available 24/7. 

Protecting embedded & IOT systems

In a context where systems are becoming interconnected and interdependent (connected car, smart cities, industry 4.0, OTA updates etc…) and where legislation is getting tougher (UNECE WP29 (UNR 155 / 156), the Resilience Act, the NIS and NIS2 directives, as well as the GDPR) it is becoming crucial to guarantee product availability and integrity, while ensuring high-level cyber protection over the long term, which is in addition to existing security and safety requirements.

Contact us

505 billion

The automotive industry will lose $505 billions to cybercrime between 2019 and 2023.
Upstream

Align cyber strategy with business objectives while ensuring compliance.

Our industrial customers face two major challenges:

  1. A considerable increase in the vulnerability of their products to cyber-attacks.
  2. More stringent regulatory requirements.

This situation is due to several factors:

  • Product development cycles have accelerated to meet commercial requirements (Time To Market), which can affect the quality of software (SW) and hardware (HW) development.
  • Increased diversity and complexity of end-product components
    • Large number of stakeholders (Tier 1, 2, 3)
    • Assembly of uncontrolled components
  • The use of different languages, protocols and communication interfaces increases the risk of vulnerabilities.
  • Evolving and increasingly complex threat models, such as code injection attacks on automotive CAN networks.

Faced with these challenges, manufacturers are under increasing pressure from regulators to adapt by modifying their products, management systems and production processes. Each sector faces specific regulations:

  • Automotive: UNECE WP29 (UNR 155 / 156), Euro 7, TISAX label.
  • Railways : LPM, Regulation (EU) 2016/798, Directive (EU) 2019/881.
  • Maritime: Resolution MSC.428(98).
  • Construction: Cyber Resilience Act, Ready-to-Service Label.
  • Industry in general: NIS, NIS 2, GDPR.

Sector expertise backed by a methodological approach

Governance

Governance development
Setting up a roadmap and monitoring KPIs
Identifying priorities for change
Drafting security policies
Compliance
Risk assessment
Threat modeling

Technical expertise 

Architecture definition
Drafting specifications and terms of reference
Support in selecting and implementing third-party platforms
Mapping network elements
Establish technical specifications for safety functions to reduce risk and exposure levels

Audit

Support in defining requirements
Performing gap analysis
Definition of remediation plans

The values of our consultants at your service

Adaptability

The variety of our assignments, combined with the diversity of Formind consultants’ profiles, enables us to adapt quickly to your specific challenges.

Technical expertise

The experience acquired in the field, combined with the training courses attended by our consultants and the certifications they have obtained, attest of their technical competences.

A methodological approach

Depending on your needs, we adopt a methodical approach, using simple and effective management tools to ensure rigorous follow-up of the assignment.

Our customer references

 

  • Advices and support on UNR 155 compliance strategy
  • ECU & System risk analysis
  • Third-party audit (Level 1)

FAQ

What are the security challenges associated with embedded systems and the IoT?

Key challenges include the vulnerability of connected devices, hacking risks, protecting sensitive data, and managing security updates.

How can cyber-attacks affect embedded systems and the IoT?

Cyber-attacks can compromise data confidentiality, disrupt operations, access sensitive information, or even take control of connected devices.

Let's stay in touch

Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!

Contact us