Embedded Systems Academy

As we step into 2025, the team at EmSA (Embedded Systems Academy) extends our warmest wishes for a prosperous and successful New Year to all our customers and partners!

We have been working on cybersecurity options for embedded small-packet networks for years, but adoption has been slow. Most of our customers know that they need to invest in “some security” eventually. However, without real customer demand or immediate regulatory pressure, the implementation of cybersecurity measures has lagged.

Well, in 2025 and the following years, regulatory pressure will become increasingly urgent. Once you examine the detailed consequences of NIS-2, the EU Cyber Resilience Act (products sold in the EU must comply by end of 2027), and standards like IEC 62443, it becomes clear that this is not just a hill of security measures to climb — for several industries, it will be a mountain.

There are 47 security requirements listed in IEC 62443-4-1, which all need to be addressed and documented, if compliance to IEC 62443 is required. The Cyber Resilience Act is less detailed, but still has some 20+ requirements to address. Each requirement needs to be taken “care of” and it needs to be documented what has been done to take care of it.

In 2025, we at EmSA plan to publish several white papers to help you “get a grip” on the security aspects of your embedded applications using embedded networks. There will also be a number of non-cryptographic measures applicable to CAN and CANopen networks to help achieve at least one of the lower security levels.

For those who need to go “all the way,” we will offer cryptographic solutions for CAN FD, CANopen FD, RS232 connections, and other embedded small-packet networks.

Follow us on this blog, our LinkedIn page, and our YouTube channel to stay up to date with security measures for small-packet networks.