www.digi.com
Submitted URL: https://d2qlms04.na1.hubspotlinks.com/Ctc/UB+113/d2qlmS04/VX51Lw4ZlJM8VCTQC43XM5J7W7swsJQ52T_cfN1h3ys23qn9gW95jsWP6lZ3mYW1DhgDm1jBgTzW...
Effective URL: https://www.digi.com/blog/post/embedded-systems-cybersecurity-regulations?utm_campaign=Embedded%20Newsletters%20FY23&...
Submission: On August 31 via api from US — Scanned from DE
<form method="post"
action="./embedded-systems-cybersecurity-regulations?utm_campaign=Embedded+Newsletters+FY23&utm_medium=email&_hsmi=272378106&_hsenc=p2ANqtz-8f7LmuHsI7Z5N3xd5JuV5nzI6StTs4Xp1Wi3OZMfzuwRF1gSCd2KPMy6R95ysjio0n-A4la6eOhlz7W0ZY3mLxIPgLteCNxiqbRpcY57DVuJndUa8&utm_content=272378647&utm_source=hs_email&aliaspath=%2fBlog%2fpost%2fEmbedded-Systems-Cybersecurity-Regulations"
id="form">
<div class="blog home">
<h1 class="interior-heading-type2"><span>Embedded Systems Cybersecurity Regulations: How Legislation Is Responding to Security Threats</span></h1>
<div class="interior-subcontent-type9">
<div class="container">
<div class="column-content">
<div class="thearticle">
<div class="thumbnail" style="background-image: url('/getattachment/2979ae76-fcb9-488a-814d-a302f314fd69/GettyImages-520166808x720.jpg?lang=en-US&width=1224&height=720&ext=.jpg');"></div>
<div class="utilities">
<span class="author">
<span class="avatar"><img src="/getattachment/7b31ff5a-d00f-4672-88bf-c7772e0dadb6/MiguelPerez-500x500.jpg?lang=en-US&width=500&height=500&ext=.jpg" alt="Miguel Perez"></span>
<span><span class="name"><a href="/blog/meet-the-team/miguel-perez">Miguel Perez, OEM Product Manager, Digi International</a><br></span>
<span class="date">August 29, 2023 </span></span>
</span>
</div>
<p>Governments around the globe are ramping up cybersecurity regulations, and there’s a growing question as to what that means for the developers and users of embedded systems.</p>
<p>Are embedded systems uniquely vulnerable to cybersecurity attacks? Is there cybersecurity legislation that specifically covers embedded system security? And, if not, does the evolving body of cybersecurity legislation apply to embedded
systems?</p>
<p>In this article, we’ll look at the common pain points for embedded system security, examine the US and global cybersecurity laws and regulations that attempt to address these pain points, and briefly outline what developers and users
of embedded systems can do to comply with cybersecurity regulations.</p>
<h2>The Embedded Systems Security Landscape</h2>
<p><img alt="Embedded security concept image" class="center80" src="/getattachment/9b3b0ea2-4674-47d6-8221-59b8f25ff848/GettyImages-533354624-1280x720.jpg?lang=en-US"></p>
<p>Embedded developers operate in a vast landscape of embedded systems, tools, and methodologies in the quest to produce connected products. They come from many different disciplines, including software and hardware engineering, and bring
expertise in a range of supporting knowledge areas such as communication protocols, testing, certification, and more. Today, one of the fastest-growing disciplines is embedded system security.</p>
<h3>What Is an Embedded System?</h3>
<p>An embedded system is a specialized, self-contained computer system designed to perform a specific set of tasks within a larger system or device. Embedded systems exist in applications such as consumer electronics, automotive systems,
medical devices, and industrial control systems.</p>
<p><img alt="Manufacturing automation" class="center80" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations/GettyImages-1364316653x720.jpg?lang=en-US"></p>
<p>In industrial settings, embedded systems are commonly used for tasks such as control and automation, monitoring of processes, managing equipment, and data collection and analysis. For example, in agriculture, embedded systems in
irrigation systems control the timing of watering, often based on moisture sensors. And in manufacturing and supply chain applications, embedded systems control robotics, automated assemblies and pick and pack machines. Consumer
technology also relies on embedded systems for automation and control; think smart home devices, wearable technology, home appliances, etc.</p>
<p>It’s worth noting that most IoT devices contain an embedded system, though not every embedded system is an IoT device. IoT connectivity means that the embedded system can now be monitored and managed from anywhere — but also attacked
from anywhere.</p>
<h3>Cybersecurity Risks Amplify As Embedded Systems Connect to the Internet</h3>
<p>Like every type of technology, embedded systems are vulnerable to a unique subset of cybersecurity attack vectors, which includes hardware security flaws and attack strategies such as buffer overruns, man-in-the-middle, and denial of
service.</p>
<p>These risks are, of course, not new. However, one critical aspect has changed, making embedded systems much more vulnerable than they used to be.</p>
<p>In the past, embedded systems tended to function in relative isolation — operating within a device or group of devices that was linked to an internal network, but not the outside world. Today, devices that use embedded systems are
increasingly connected to the Internet.</p>
<p>Connecting a device to the Internet by turning it into an IoT device greatly amplifies the cybersecurity risks:</p>
<ul>
<li><strong>Increased attack surface</strong>: Connected to the Internet, embedded systems become a part of a larger digital domain, which makes them more susceptible to attacks.</li>
<li><strong>Lack of security protocols</strong>: Slim security protocols designed for isolated devices are not sufficiently robust when the system is exposed to the Internet.</li>
<li><strong>Limited updates and patches</strong>: Updates and patches for embedded systems rarely keep up with the fast-moving nature of online threats.</li>
<li><strong>Integration with other systems</strong>: Embedded systems connected to the Internet commonly integrate with other connected systems, such as cloud and mobile apps, which further enlarges the attack surface.</li>
</ul>
<p>Before the IoT revolution, attackers needed to be an insider or physically break into premises to launch an attack. Today, embedded systems — with all their flaws — are exposed to a global hacking community.</p>
<h3>Easy For Hackers to Reach — Hard For Users To Update</h3>
<p><img alt="Security bug concept" class="center80" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations-How-Leg/GettyImages-1092821610-1280x720.jpg?lang=en-US"></p>
<p>Embedded systems have unique security vulnerabilities but are also more difficult to keep secure than other technologies, for three key reasons:</p>
<ul>
<li><strong>Product lifecycle</strong>: Unlike many other technologies, embedded systems have service lives of decades (think about aircraft, defense systems, power plants, etc.). Developers have the challenge of countering a lifetime of
unknown, unpredictable cybersecurity risks in the design phase.</li>
<li><strong>Difficult to update</strong>: Embedded systems can be physically hard to reach — think monitoring stations scattered across a large country, for example, or the control system embedded deep in a mine. Furthermore,
battery-powered devices are not always powered on and reachable when updates need to be deployed.</li>
<li><strong>Lack of flexibility</strong>: The monolithic nature of the OS in some systems and the limited memory and processing capabilities of embedded hardware also restrict the types of security defenses developers can
add post-market.</li>
</ul>
<p>That said, the difficulty of updating embedded systems varies: smart TVs or smartphones can be updated frequently with little inconvenience to the end user, but industrial control systems are harder to update.</p>
<h2>How Cybersecurity Regulation Is Responding to Threats</h2>
<p><img alt="Cybersecurity law concept" class="center80" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations-How-Leg/GettyImages-1406615102-1280x720.jpg?lang=en-US"></p>
<p>The difficulty of updating embedded devices sometimes makes manufacturers reluctant or unable to respond to threats. Best-of-breed manufacturers will always do what’s needed to ensure tight cybersecurity, but others will do the
minimum. In other words, it’s a job for regulators.</p>
<h3>Embedded Systems Cybersecurity Regulations</h3>
<p>There is no regulation specific to embedded systems. Nonetheless, embedded systems are covered by cybersecurity compliance regulations by virtue of the nature and applications of the device that contains the embedded system.</p>
<p>For example, a medical device such as an X-ray machine containing an embedded controller could be covered by cybersecurity regulations for medical devices. Likewise, the embedded technology inside an IoT device — a connected
thermometer for example — could be covered under IoT cybersecurity regulation.</p>
<p>We can’t comprehensively cover every cybersecurity law that applies to embedded systems, but in this section, we’ll provide an overview that outlines just how broad (and how new) much of this regulation is.</p>
<h3>New Cybersecurity Regulations in the US</h3>
<p><img alt="Embedded cybersecurity law concept" class="center80" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations/GettyImages-1329305614x1280.jpg?lang=en-US"></p>
<p>In the US, many efforts to improve cybersecurity are underway, some of which apply to devices using embedded systems. These include laws that cover IoT security requirements and sector-specific regulation affecting, for example,
healthcare and financial services.</p>
<p>Take connected medical devices, for example. In 2022, the <a href="https://www.appropriations.senate.gov/imo/media/doc/JRQ121922.PDF">FDA Act</a> was amended by adding a requirement for connected medical devices — including the need to
monitor devices while in the market, a software bill of materials (SBOM), and time windows for patching.</p>
<p>The new legislation carries implications for the embedded systems integrated into connected medical devices. Similarly, in financial services, requirements such as the
<a href="https://www.pcisecuritystandards.org/">Payment Card Industry Data Security Standard</a> (PCI-DSS) would apply to the embedded systems inside devices that handle payment card data.</p>
<p>At the state level, California passed <a href="https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327">SB-327</a>, covering cybersecurity and privacy in the IoT sector. The law requires manufacturers to
assign unique preprogrammed passwords to each device and to take reasonable security measures.</p>
<p>In terms of Federal cybersecurity regulations, the <a href="https://www.congress.gov/bill/116th-congress/house-bill/1668/text">IoT Cybersecurity Improvement Act of 2020</a> focuses on IoT devices used by federal agencies but
nonetheless indirectly impacts consumer products. Again, because IoT devices tend to contain embedded systems, the Act has implications for embedded technology cybersecurity.</p>
<h3>Global Cybersecurity Regulations</h3>
<p>EU regulation has significant reach because global manufacturers would ensure their devices comply simply to sell into the EU market — which means that, in effect, EU law reaches globally. In the EU, the laws that can affect embedded
system cybersecurity include:</p>
<ul>
<li><a href="https://single-market-economy.ec.europa.eu/news/commission-strengthens-cybersecurity-wireless-devices-and-products-2021-10-29_en"><strong>Radio Equipment Directive (RED)</strong></a>: Applies cybersecurity requirements to
devices that contain radio equipment components, such as Bluetooth or Wi-Fi modules, regardless of whether those devices are ultimately interconnected. Such components commonly go hand in hand with an embedded system inside the device.
</li>
<li><a href="https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0745"><strong>Regulations for medical devices (MDR)</strong></a> and
<a href="https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0746"><strong>in vitro diagnostic medical devices (IVDR)</strong></a>: These regulations outline cybersecurity requirements for medical devices in the EU,
including post-market surveillance, incident reporting, traceability, and testing.</li>
<li><a href="https://digital-strategy.ec.europa.eu/en/policies/nis2-directive"><strong>NIS2 Directive</strong></a>: Applies to highly critical sectors, which commonly deploy embedded systems — with a focus on the security of network and
information systems.</li>
</ul>
<p>Other acts such as the <a href="https://commission.europa.eu/law/law-topic/data-protection/data-protection-eu_en">General Data Protection Regulation (GDPR)</a> and the
<a href="https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act">EU Cybersecurity Act</a> will also have implications for embedded technology, and there are signs that the
<a href="https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act">Cyber Resilience Act (CRA)</a> will cover many applications where embedded systems are commonplace.</p>
<p>Individual countries also apply their own laws. For example, in 2020, the Japanese Ministry of Economy, Trade and Industry (METI) announced its
<a href="https://www.meti.go.jp/english/press/2020/1105_002.html">IoT Security and Safety Framework (IoT-SSF)</a>. The framework evaluates security measures for IoT devices and systems, as well as new risks introduced by the integration
of cyberspace and physical spaces.</p>
<h3>IoT Cybersecurity Standards Behind Legislation</h3>
<p>It’s worth noting that some of the regulations and guidelines summarized in this section are based on existing IoT cybersecurity standards such as <a href="https://www.etsi.org/technologies/consumer-iot-security">EN 303 645</a> and
<a href="https://www.iec.ch/blog/understanding-iec-62443">IEC 62443-4-2</a>.</p>
<p>Therefore, it’s advisable to take broader IoT security standards into account when evaluating the design of connected embedded systems.</p>
<p>Particularly for products that will be shipped to Europe in 2024 and later, manufacturers should seek proof that their products meet these standards or obtain a third-party certification as needed.</p>
<p>As for the US, manufacturers of IoT devices should also consider the NIST Cybersecurity for IoT Program publication <a href="https://csrc.nist.gov/publications/detail/nistir/8259a/final">NISTIR 8259A</a>: Core Device Cybersecurity Capability Baseline (May 29, 2020).</p>
<h2>Security Requirements for IoT Devices</h2>
<p><img alt="Embedded system lifecycle" class="center50" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations/Digi-connectcore-design-develop-deploy-manage.png?lang=en-US"></p>
<p>We’ve outlined why embedded system cybersecurity is becoming so critical: devices with embedded technology are now commonly also IoT devices, simply because we’re living in a more connected world.</p>
<h3>Fundamental Embedded Systems Security Requirements in IoT</h3>
<p>Securing IoT devices and the embedded systems inside means starting off with embedded system security good practices. That includes established techniques such as:</p>
<ul>
<li><strong>Root of trust</strong>, which provides essential functions to enable trusted boot, cryptography, attestation and secure storage. The root of trust is used to keep private crypto keys (encrypted data) confidential and
unaltered, protected by hardware mechanisms.</li>
<li><strong>Secure boot</strong> that leverages the signature provided by a device trust anchor to ensure that software running on a device is authentic and has not been tampered with.</li>
<li><strong>Executable space protection</strong> which marks specific memory regions as non-executable so that an attempt to execute machine code in those regions causes an exception.</li>
<li><strong>Stack canaries</strong> to allow the operating system to detect a stack buffer overflow before executing malicious code.</li>
</ul>
<p>But these are fundamental embedded security design decisions; device manufacturers must also ensure that they can adapt, throughout the lifecycle of a product, to the changing threats of an online world and to the related cybersecurity
compliance requirements and regulations.</p>
<h3>Security Requirements in IoT Architecture</h3>
<p>The rapid pace at which cybersecurity risks are evolving means that the security capabilities of devices must be managed <em>once they’re already in the market</em>. Strategies to meet today’s security requirements in IoT architecture
include:</p>
<ul>
<li><strong>Product lifecycle management</strong>: Use cloud-based monitoring and update services to ensure compliance with cybersecurity legislation at every stage of a device's lifecycle, from approval to end-of-life.</li>
<li><strong>Transparency and compliance</strong>: Maintain a comprehensive analysis to build a custom SBOM, while monitoring for vulnerabilities throughout the life of the device — allowing manufacturers to fulfill their transparency
obligations by identifying critical vulnerabilities as they emerge.</li>
<li><strong>Threat response</strong>: Maintain the ability to promptly push critical updates to address any emerging vulnerabilities while the embedded system operates in the user setting.</li>
</ul>
<p>Making these suggestions is the easy part, of course. Implementing them in the context of embedded systems is another question. It comes down to the toolset.</p>
<h2>Digi Solutions for Embedded System Security</h2>
<p>Developers, systems integrators and manufacturers need an integrated IoT security system that allows them to manage the security of a fleet of IoT devices across the product lifecycle: from release into the market, right to end of
life.</p>
<p><img alt="Digi ConnectCore Security Services" class="center80" src="/getattachment/Blog/post/Embedded-Systems-Cybersecurity-Regulations/digi-connectcore-security-diagram-2-a9.jpg?lang=en-US"></p>
<p>Digi supports the full lifecycle of development, testing, security integration and ongoing management with a full suite of developer building blocks — including the
<a href="https://www.digi.com/products/embedded-systems/digi-connectcore">Digi ConnectCore family of highly integrated system-on-modules</a> — and tools for rapid product design, wireless integration, embedded security and ongoing
lifecycle management.</p>
<p>That includes leveraging our IoT security framework
<a aria-label="Link Digi TrustFence®" href="https://www.digi.com/solutions/by-technology/trustfence" rel="noreferrer noopener" title="https://www.digi.com/solutions/by-technology/trustfence">Digi TrustFence®</a>, which enables
manufacturers to easily integrate device security, device identity, and data privacy capabilities into their product design, in combination with services such as
<a aria-label="Link Digi ConnectCore® Security Services" href="https://www.digi.com/products/embedded-systems/digi-connectcore/software-and-tools/security-services" rel="noreferrer noopener" title="https://www.digi.com/products/embedded-systems/digi-connectcore/software-and-tools/security-services">Digi ConnectCore® Security Services</a>,
which monitor threats once the device is in service and enable manufacturers to integrate fixes for identified vulnerabilities, and
<a aria-label="Link Digi ConnectCore Cloud Services" href="https://www.digi.com/products/embedded-systems/digi-connectcore/software-and-tools/cloud-services" rel="noreferrer noopener" title="https://www.digi.com/products/embedded-systems/digi-connectcore/software-and-tools/cloud-services">Digi ConnectCore Cloud Services</a>,
which securely publish and deploy device updates to counter new threats.</p>
<p>By designing for security from the outset, and ensuring active security management across the product lifecycle, OEMs building with embedded systems can comply with the growing volume of IoT and industry-specific
embedded cybersecurity regulations. Digi's suite of SOMs, developer tools and services can help you achieve these goals. And if you need engineering support to bring your connected system through the product development cycle
for rapid time-to-market while meeting all of today's requirements, <a href="https://www.digi.com/products/iot-software-services/wireless-design-services">Digi Wireless Design Services</a> can help.</p>
<p><em>You can find out more about how Digi’s range of management and security solutions for embedded systems can help your organization comply with cybersecurity regulations
</em><a href="https://www.digi.com/products/embedded-systems/digi-connectcore"><em>by visiting the Digi ConnectCore Embedded Solutions page here</em></a>.</p>
<h3>Next Steps</h3>
<ul>
<li>Ready to talk to a Digi expert? <a href="https://www.digi.com/contactus" target="_self">Contact us</a></li>
<li>Want to hear more from Digi? <a href="https://www.digi.com/newsletter" target="_self">Sign up for our newsletter</a></li>
<li>Or shop now for Digi solutions: <a href="https://www.digi.com/how-to-buy" target="_self">How to buy</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
</form>
Text Content
EMBEDDED SYSTEMS CYBERSECURITY REGULATIONS: HOW LEGISLATION IS RESPONDING TO SECURITY THREATS
Miguel Perez, OEM Product Manager, Digi International
August 29, 2023
Governments around the globe are ramping up cybersecurity regulations and there’s a growing question as to what that means for the developers and users of embedded systems. Are embedded systems uniquely vulnerable to cybersecurity attacks? Is there cybersecurity legislation that specifically covers embedded system security? And, if not, does the evolving body of cybersecurity legislation apply to embedded systems? In this article, we’ll look at the common pain points for embedded system security, examine the US and global cybersecurity laws and regulations that attempt to address these pain points, and briefly outline what developers and users of embedded systems can do to comply with cybersecurity compliance regulations.
THE EMBEDDED SYSTEMS SECURITY LANDSCAPE
Embedded developers operate in a vast landscape of embedded systems, tools, and methodologies in the quest to produce connected products.
They come from many different disciplines, including software and hardware engineering, and bring expertise in a range of supporting knowledge areas such as communication protocols, testing and certification and more. Today, one of the fastest growing disciplines is embedded system security. WHAT IS AN EMBEDDED SYSTEM? An embedded system is a specialized, self-contained computer system designed to perform a specific set of tasks within a larger system or device. Embedded systems exist in applications such as consumer electronics, automotive systems, medical devices, and industrial control systems. In industrial settings embedded systems are commonly used for tasks such as control and automation, monitoring of processes, managing equipment, and data collection and analysis. For example, in agriculture, embedded systems in irrigation systems control the timing of watering, often based on moisture sensors. And in manufacturing and supply chain applications, embedded systems control robotics, automated assemblies and pick and pack machines. Consumer technology also relies on embedded systems for automation and control; think smart home devices, wearable technology, home appliances, etc. It’s worth noting that most IoT devices contain an embedded system, though not every embedded system is an IoT device. IoT connectivity means that the embedded system can now be monitored and managed from anywhere — but also attacked from anywhere. CYBERSECURITY RISKS AMPLIFY AS EMBEDDED SYSTEMS CONNECT TO THE INTERNET Like every type of technology, embedded systems are vulnerable to a unique subset of cybersecurity attack vectors, which includes hardware security flaws, and vulnerability to attack strategies such as buffer overruns, man in the middle, and denial of service. These risks are, of course, not new. However, there’s a critical aspect that’s changed making embedded systems much more vulnerable than they used to be. 
In the past embedded systems tended to function in relative isolation — operating within a device or group of devices that was linked to an internal network, but not the outside world. Today, devices that use embedded systems are increasingly connected to the Internet. Connecting a device to the internet by turning it into an IoT device greatly amplifies the cybersecurity risks: * Increased attack surface: Connected to the Internet, embedded systems become a part of a larger digital domain, which makes them more susceptible to attacks. * Lack of security protocols: Slim security protocols designed for isolated devices are not sufficiently robust when the system is exposed to the Internet. * Limited updates and patches: Updates and patches for embedded systems rarely keep up with the fast-moving nature of online threats. * Integration with other systems: Embedded systems connected to the Internet commonly integrate with other connected systems e.g., cloud and mobile apps, which further enlarges the attack surface. Before the IoT revolution, attackers needed to be an insider or physically break into premises to launch an attack. Today, embedded systems — with all their flaws — are exposed to a global hacking community. EASY FOR HACKERS TO REACH — HARD FOR USERS TO UPDATE Embedded systems have unique security vulnerabilities but are also more difficult to keep secure than other technologies, for three key reasons: * Product lifecycle: Unlike many other technologies, embedded systems have service lives of decades - think about aircraft, defense systems, power plants, etc. Developers have the challenge of countering a lifetime of unknown, unpredictable cybersecurity risks in the design phase. * Difficult to update: Embedded systems can be physically hard to reach — think monitoring stations scattered across a large country, for example, or the control system embedded deep in a mine. 
Furthermore, it is worth bearing in mind that battery powered devices are not always powered on and reachable to deploy updates. * Lack of flexibility: The monolithic nature of the OS in some systems and the limited memory and processing capabilities of embedded hardware also cause restrictions to the type of security defenses developers can add post market. That said, the difficulty of updating embedded systems varies - smart TVs or smartphones can be frequently updated with little inconvenience to the end user, but industrial control systems are harder to update. HOW CYBERSECURITY REGULATION IS RESPONDING TO THREATS The difficulty of updating embedded devices sometimes makes manufacturers reluctant or unable to respond to threats. Best-of-breed manufacturers will always do what’s needed to ensure tight cybersecurity, but others will do the minimum. In other words, it’s a job for regulators. EMBEDDED SYSTEMS CYBERSECURITY REGULATIONS There is no regulation specific to embedded systems. Nonetheless, embedded systems are covered by cybersecurity compliance regulations by virtue of the nature and applications of the device that contains the embedded system. For example, a medical device such as an X-ray machine containing an embedded controller could be covered by cybersecurity regulations for medical devices. Likewise, the embedded technology inside an IoT device — a connected thermometer for example — could be covered under IoT cybersecurity regulation. We can’t comprehensively cover every cybersecurity law that applies to embedded systems, but in this section, we’ll provide an overview that outlines just how broad (and how new) much of this regulation is. NEW CYBERSECURITY REGULATIONS IN THE US In the US, many efforts to improve cybersecurity are underway, some of which apply to devices using embedded systems. That includes laws that cover IoT security requirements, and sector-specific regulation affecting e.g., healthcare and financial services. 
Take connected medical devices, for example. In 2022, the FDA Act was amended by adding a requirement for connected medical devices — including the need to monitor devices while in the market, a software bill of materials (SBOM), and time windows for patching. The new legislation carries implications for the embedded systems integrated into connected medical devices. Similarly, in financial services, requirements around e.g., Payment Card Industry Data Security Standard (PCI-DSS) would apply to the embedded systems inside devices that handle payment card data. Thinking about California cybersecurity regulations, California passed SB-327 covering cybersecurity and privacy in the IoT sector, including requiring manufacturers to assign unique preprogrammed passwords to each device, while the California IoT law (SB-327) also requires manufacturers to take reasonable security measures. In terms of Federal cybersecurity regulations, the IoT Cybersecurity Improvement Act of 2020 focuses on IoT devices used by federal agencies but nonetheless indirectly impacts consumer products. Again, because IoT devices tend to contain embedded systems it means that the Act has implications for embedded technology cybersecurity. GLOBAL CYBERSECURITY REGULATIONS EU regulation has significant reach because global manufacturers would ensure their device complies simply to sell into the EU market — which means that in effect, EU law reaches globally. In the EU, the laws that can affect embedded system cybersecurity include: * Radio Equipment Directive (RED): Applies cybersecurity requirements to devices that contain radio equipment components, such as Bluetooth or Wi-Fi modules, regardless of whether said devices are finally interconnected or not, which again commonly go hand-in-hand with an embedded system inside devices. 
* Regulations for medical devices (MDR) and in vitro diagnostic medical devices (IVDR): These regulations outline cybersecurity requirements for medical devices in the EU, including post-market surveillance, incident reporting, traceability, and testing. * NIS2 Directive: Applies to highly critical sectors, which commonly deploy embedded systems — with a focus on the security of network and information systems. Other acts such as the General Data Protection Regulation (GDPR) and the EU Cybersecurity Act will also have implications for embedded technology, while signs are that the Cyber Resilience Act (CRA) will cover many applications where embedded systems are commonplace. Individual countries also apply their own laws. For example, in 2020, the Japanese Ministry of Economy, Trade and Industry (METI) announced its IoT Security and Safety Framework (IoT-SSF). The framework evaluates security measures for IoT devices and systems, as well as new risks introduced by the integration of cyberspace and physical spaces. IOT CYBERSECURITY STANDARDS BEHIND LEGISLATION It’s worth noting that some of the regulations and guidelines summarized in this section are based on existing IoT cybersecurity standards such as EN 303 645 and IEC 62443-4-2. Therefore, it’s advisable to take broader IoT security standards into account when evaluating the design of connected embedded systems. Particularly for products that will be shipped to Europe in 2024 and later, manufacturers should seek proof that their products meet these standards or obtain a third-party certification as needed. As for the US, there is also the NIST Cybersecurity for IoT Program, NISTIR 8259A: Core Device Cybersecurity Capability Baseline (May 29, 2020) which should be considered by manufacturers of IoT devices. 
SECURITY REQUIREMENTS FOR IOT DEVICES

We’ve outlined why embedded system cybersecurity is becoming so critical: devices with embedded technology are now commonly also IoT devices, simply because we’re living in a more connected world.

FUNDAMENTAL EMBEDDED SYSTEMS SECURITY REQUIREMENTS IN IOT

Securing IoT devices and the embedded systems inside them means starting off with embedded system security good practices. That includes established techniques such as:

* Root of trust, which provides essential functions to enable trusted boot, cryptography, attestation and secure storage. The root of trust is used to keep private crypto keys (encrypted data) confidential and unaltered, protected by hardware mechanisms.
* Secure boot, which leverages the signature provided by a device trust anchor to ensure that software running on a device is authentic and has not been tampered with.
* Executable space protection, which marks specific memory regions as non-executable so that an attempt to execute machine code in those regions causes an exception.
* Stack canaries, which allow the operating system to detect a stack buffer overflow before executing malicious code.

But these are fundamental embedded security design decisions; device manufacturers must also ensure that they can adapt to the changing threats of an online world throughout the lifecycle of a product, and to the related cybersecurity compliance requirements and regulations.

SECURITY REQUIREMENTS IN IOT ARCHITECTURE

The rapid pace at which cybersecurity risks are evolving means that the security capabilities of devices must be managed once they’re already in the market. Strategies to meet today’s security requirements in IoT architecture include:

* Product lifecycle management: Use cloud-based monitoring and update services to ensure compliance with cybersecurity legislation at every stage of a device's lifecycle, from approval to end-of-life.
* Transparency and compliance: Maintain a comprehensive analysis to build a custom SBOM, while monitoring for vulnerabilities throughout the life of the device — allowing manufacturers to fulfill their transparency obligations by identifying critical vulnerabilities as they emerge.
* Threat response: Maintain the ability to promptly push critical updates to address any emerging vulnerabilities while the embedded system operates in the user setting.

Making these suggestions is the easy part, of course. Implementing them in the context of embedded systems is another question. It comes down to the toolset.

DIGI SOLUTIONS FOR EMBEDDED SYSTEM SECURITY

Developers, systems integrators and manufacturers need an integrated IoT security system that allows them to manage the security of a fleet of IoT devices across the product lifecycle: from release into the market, right to end of life.

Digi supports the full lifecycle of development, testing, security integration and ongoing management with a full suite of developer building blocks — including the Digi ConnectCore family of highly integrated system-on-modules — and tools for rapid product design, wireless integration, embedded security and ongoing lifecycle management.

That includes leveraging our IoT security framework, Digi TrustFence®, which enables manufacturers to easily integrate device security, device identity, and data privacy capabilities into their product design. It works in combination with services such as Digi ConnectCore® Security Services, which monitor threats once the device is in service and enable manufacturers to integrate fixes for identified vulnerabilities, and Digi ConnectCore Cloud Services, which securely publish and deploy device updates to counter new threats.
By designing for security from the outset, and ensuring active security management across the product lifecycle, OEMs building with embedded systems can comply with the growing volume of IoT and industry-specific embedded cybersecurity regulations. Digi's suite of SOMs and developer tools and services can help you achieve these goals. And if you need engineering support to help bring your connected system through the product development cycle for rapid time-to-market and meet all of today's requirements, Digi Wireless Design Services can help.

You can find out more about how Digi’s range of management and security solutions for embedded systems can help your organization comply with cybersecurity regulations by visiting the Digi ConnectCore Embedded Solutions page.
©2023 Digi International Inc. All rights reserved.