The CRA is an initiative that aims to ensure that vendors establish appropriate cybersecurity safeguards in the digital products they sell. By establishing cybersecurity requirements before and after a product is marketed, the CRA will strengthen the security and resilience of the entire supply chain for the benefit of businesses and end consumers.
The main mission of the Cybersecurity Resilience Act is to fill existing gaps in legislation by creating horizontal legislation that defines European cybersecurity standards for digital products and services. Currently, EU product-specific legislation mostly covers security aspects and addresses cybersecurity only partially.
Evaluating a pioneering product in a CPSTIC/CCN-STIC 105 taxonomy is both a great motivation and a challenge. Therefore, we are pleased to be the first laboratory that has successfully evaluated a product in the category of Videoconferencing tools, being included in the Qualified Products section of the Spanish Catalogue of Information and Communication Technology Security Products (CPSTIC) published by the CCN. From here we would like to congratulate PEXIP for this reason and for the great work done.
In this article we will discuss how we could apply fuzzing to software developed for embedded systems and IoT using techniques such as emulation and dynamic instrumentation, with the main goal of learning a new way of evaluating the security of devices like routers, smart lightbulbs, industrial IoT, etc.
While performing a STIC evaluation of a product, the evaluation team at jtsec thought that it would be interesting to analyze the communications between two embedded devices that were part of the product. The main objective was to determine whether those communications were properly secured with encryption and with other security measures that are important for devices that communicate using radio frequencies, such as protection against jamming, GPS spoofing or replay attacks.
A few days ago, the International Conference on the EU Cybersecurity Act (EUCA) was held in Brussels, and we were really looking forward to returning to face-to-face events. EUCA has been created to support the discussion among all the stakeholders on a key topic for the community: the EU Cybersecurity Act. Once again this year, it was attended by top-level speakers who addressed different areas such as IoT challenges, cloud and GDPR frameworks, and innovations in assurance and standards, among others.