SEC10Cyber Resilience Act and Embedded Systems
|
Objectives
|
- Embedded system developers
- Product managers
- Basic Knowledge of Embedded Systems
- Theoretical course
- PDF course material (in English) supplemented by a printed version for face-to-face courses.
- Online courses are dispensed using the Teams video-conferencing system.
- The trainer answers trainees' questions during the training and provide technical and pedagogical assistance.
- At the start of each session the trainer will interact with the trainees to ensure the course fits their expectations and correct if needed
- The prerequisites indicated above are assessed before the training by the technical supervision of the traineein his company, or by the trainee himself in the exceptional case of an individual trainee.
- Trainee progress is assessed by quizzes offered at the end of various sections to verify that the trainees have assimilated the points presented
- At the end of the training, each trainee receives a certificate attesting that they have successfully completed the course.
- In the event of a problem, discovered during the course, due to a lack of prerequisites by the trainee a different or additional training is offered to them, generally to reinforce their prerequisites,in agreement with their company manager if applicable.
Course Outline
- Overview and objectives of the Regulation.
- Key challenges in cybersecurity for products with digital elements
- Scope and applicability: Products and entities impacted by the Act
- Relation to existing EU laws like NIS2, GDPR, and Cybersecurity Act
- Requirements for secure design and development of products
- Vulnerability management obligations, including updates and disclosures
- Transparency measures: Informing users about vulnerabilities and support periods
- Handling substantial modifications in digital products
- CE marking and conformity procedures for digital products
- Classification of products (important vs. critical)
- Case study: Applying conformity assessments to embedded systems
- Obligations for manufacturers: From development to end-of-support
- Securing supply chains and third-party components
- Best practices for risk assessments and due diligence
- Security Solutions
- Built-in security features Yocto Project, Zephyr RTOS
- Hardware-based security modules (e.g., TPMs, Secure Elements).
- Secure boot mechanisms and encrypted storage solutions.
- Compliance Tools and Frameworks
- Vulnerability scanning tools (e.g., CVE checkers)
- Automated tools for compliance documentation and CE marking
- Cyber Resilience Requirements
- Ensuring communication integrity and data encryption as per the Act
- Addressing risks in networked embedded systems
- Secure Communication Protocols
- Importance of secure protocols (e.g., TLS, DTLS, SSH) in embedded systems.
- Overview of industrial and IoT-specific protocols
- Protocol vulnerabilities and mitigation strategies
- Network System Security:
- Implementing secure configurations for embedded network devices
- Techniques for securing wireless communications
More
To book a training session or for more information, please contact us on info@ac6-training.com.
Registrations are accepted till one week before the start date for scheduled classes. For late registrations, please consult us.
You can also fill and send us the registration form
This course can be provided either remotely, in our Paris training center or worldwide on your premises.
Scheduled classes are confirmed as soon as there is two confirmed bookings. Bookings are accepted until 1 week before the course start.
Last update of course schedule: 24 January 2025
Booking one of our trainings is subject to our General Terms of Sales