The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

  • Abdelkader Magdy Shaaban,
  • Christoph Schmittner

摘要

The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.