© Nmedia - fotolia.com

A continuous series of new security incidents clearly demonstrates that the security of Internet-based products must be guaranteed across the entire product lifecycle and the entire ecosystem. Highly innovative products such as medical devices or connected vehicles, but also simple products such as electric kettles increasingly feature integrated software and use individual IP addresses. Due to updates and expanded functionality, which are no longer solely contained within the product, but also in the “backend” or the product network, the definition of products and the concept of product safety are changing. Thus, the functional safety of a product is increasingly contingent on its information security.

The risk for the user of falling victim to cyberattacks is increasing. Sensitive – and often personal – data can be manipulated, exposed, or destroyed. This applies in particular to critical infrastructure, i.e. neuralgic systems such as power and water supplies. Integrity, confidentiality, availability, and the interplay of “safety”, “security”, and “privacy” of digital systems are essential requirements for the acceptance of digital social trends, making them the backbone of innovation and economic growth. It is paramount for innovations to be implemented securely to become progress.

A consistent certification framework can significantly contribute to ensuring that products and services are already secure before market entry and remain resilient throughout their entire lifecycle. Nevertheless, the present regulation proposal does not adequately take the long-term significance of secure internet-capable devices into account with regard to future societal developments and therefore requires substantial recalibration.

The full paper is available for download below.