I’ve been thinking about this for three days at Embedded World. Numerous debates and conversations with my peers and the other cyber experts present at the show inspired me to share a few thoughts with you. I have just enough time to write a few lines before traveling for a series of workshops across Europe with NXP, Avnet, Witekio, and Keyfactor, among others.
Cybersecurity is not a new topic. Neither is dealing with some level of formalism in cybersecurity: Common Criteria certifications, for instance, have been around for more than 20 years and are internationally recognized thanks to various mutual agreements such as the CCRA (and, in Europe, the SOG-IS) that allow one country to recognize the certificates produced by another.
These evaluation and certification processes ensure that some level of robustness against state-of-the-art attacks is reached, and are essential to provide trust in sensitive devices we use every day to secure our payments, identities, and communications.
The catch is that these cybersecurity evaluations are really focused on security products, such as smartcards, TPMs, HSMs, … but not your everyday connected device.