Products & Solutions

How the Security Upgrade Kit helps companies comply with global regulations

26/11/2024 by Roland Marx

The constant increase in threats to the cyber security of companies and their embedded systems is triggering regulatory action by authorities in Europe and worldwide. The resulting requirements for embedded systems, IoT, and OT applications place companies and organizations under obligation. With the new Security Upgrade Kit, organizations and companies can secure their embedded systems, IoT, and OT applications easily, effectively, and cost-effectively and meet all relevant requirements.  

Your embedded systems, IoT and OT applications need to comply with global cybersecurity regulations and industry standards

A look at the global regulations and industry standards shows which requirements embedded systems have to meet today on the way to becoming secure embedded systems.

In the EU alone, there are currently (as of September 2024) four regulations that will come into force soon and affect companies and their embedded systems: the Radio Equipment Directive (RED; will come into force as early as 2025), the Cyber Resilience Act (CRA; expected to come into force in 2027), the Network and Information Security Directive (NIS2; is in force, member states must have implemented the directive by October 2024) and the Data Act (is in force, will become directly applicable from September 2025).

American and global regulations include e.g. the Payment Card Industry Data Security Standard (PCIDSS) and the IoT Security and Safety Framework (IoT-SSF) in Japan.

In addition to the regulations, there are industry standards that must be met. It should be noted here that manufacturers should provide proof that their products meet these standards, especially for products that will be delivered to Europe from 2024. It is worth noting that some of the regulations and guidelines summarized in this section are based on existing IoT cybersecurity standards such as EN 303 645 and IEC 62443-4-2.

As for the US, there is also the NIST Cybersecurity for IoT Program, NISTIR 8259A: Core Device Cybersecurity Capability Baseline (May 29, 2020) which should be considered by manufacturers of IoT devices.

How the Security Upgrade Kit protects embedded systems, IoT, and OT applications while complying with relevant regulations worldwide

The Security Upgrade Kit with microSD card Security Level 2 creates trust for organizations and companies in their embedded systems, IoT, and OT applications, effectively protecting them and meeting both global regulations and industry standards. And not to forget, there are unique requirements for secure embedded systems such as data confidentiality, data integrity, and data availability. This means that companies need to protect themselves and their data even better and offer legally compliant products.

At the heart of the Swissbit solution is an industrial-grade microSD card, which is ideal for retrofitting as a removable medium. Equipped with a special flash controller and advanced Swissbit firmware, the card offers security functions such as configurable access controls and data protection atthe  partition level. The optimized firmware also makes the card ideal for applications with frequent read access and long data retention. The Security Level 2 microSD card in the Security Upgrade Kit is available in storage capacities of 16, 32, and 64 GB and is based on pSLC flash memory technology, which ensures particularly high endurance and durability. The cards are designed for the industrial temperature range of -40 to +85 °C.

The Kit includes appropriate documentation, software, and tools. It offers real-time data encryption with AES 256 and allows the customization of protection profiles. Areas of application include copying sensitive data or protecting system integrity through Secure Boot. You can decide if a partition is Read Only (RO) or Read Write (RW), as well as if it should appear by default, or only after the unlocking. There are even more interesting profiles for special purposes, like “flexible RO”, which turns the partition from RO into a writeable mode after the unlocking.

As a retrofit solution on a microSD basis, the Security Upgrade Kit offers maximum flexibility.

The most important advantages of the Security Upgrade Kit at a glance

  • Encryption (Self encrypting drive using real-time AES 256)
  • Access Control (hardware-based and easy to use)
  • Individual configuration of protection profiles (RW, RO, Visible and Hidden Partitions)
  • Industrial grade memory (pSLC) for high endurance
  • Better data protection
  • Upgrade of existing micro-SD cards/SD cards
  • Perfect for retrofit solutions
  • Exceptional embedded security
  • License Management Anchor – e.g. for WIBU CodeMeter

The Security Upgrade Kit is primarily designed for Linux-based embedded systems, IoT, and OT applications, but can also be adapted for other operating systems if required. Thanks to the widespread use of embedded systems, Io,T, and OT applications, the areas of usage range from industry and the public sector to critical infrastructures.

Does that sound interesting to you? Convince yourself of our expertise and contact us.