For manufacturers, importers, and retailers in the electrical and electronics industry, it’s important to make sure that products aren’t vulnerable to cyberattack. Cyberattacks are a growing problem, with a growth in both the number of attacks and methods of attack. Recently, as this trend has progressed, regulatory bodies have started to pay more attention to the issue.
For many businesses, it will prove wise to start tackling the issue now, as the industry and regulatory bodies start to shift. Cybersecurity is an important and growing issue that looks set to be much more strictly controlled.
Cybersecurity is already a recognized issue in the electrical and electronics industry. There are regulatory requirements in place already and many obvious products, such as mobile phones, are dealt with effectively.
However, while cybersecurity is well controlled in some products, it’s not dealt with effectively across the board.
Some products are still vulnerable to attack, and regulatory bodies look like they will be making changes. The EU, for example, recently proposed to introduce the Cyber Resilience Act. The EU says that this proposed act will 'ensure that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle.
The act is intended to overhaul the approach that manufacturers have towards the security of products with digital elements. It will also ensure that there is a coherent cybersecurity framework, facilitating compliance for hardware and software producers. Commission Vice-President Margaritis Schinas said that the act would ‘close a real, important gap in our legal framework’.
At the moment, the products that are most prone to cyberattack are IoT products.
There are two main reasons why IoT products are so prone to attack. Partly, it’s because there’s been a tremendous growth in their use. However, it’s also because IoT products often aren’t secure enough. Issues such as poor password security, a lack of encryption, or hidden access mechanisms can make these products vulnerable to attack.
Often, people do not give much thought to the security of IoT devices. They may be devices like webcams, baby monitors, or home appliances that are seen as simple and which people connect to the internet without much thought. They are, however, vulnerable to attack, and hackers are busy trying to gain access to them.
You only need to look at past cyberattacks to understand how serious cybersecurity is.
Two devices that people would least like to have hacked, but which have already proven to be vulnerable, are security cameras (CCTV) and webcams used by personal computers. Hackers have been able to gain access to people’s home cameras and publish videos or live feeds on the internet. In 2012, for example, there was a famous hack in which a large number of cameras were hacked. Live feeds were then published on the internet. Any member of the public was able to gain access to live feeds from a camera if they obtained its IP address.
In another example, hackers were found to have gained access to baby monitors. They were even able to listen and speak through the monitors. One mother discovered the issue when she heard a man speaking to her baby through her own baby monitor.
These issues have all been dealt with, but they cause huge problems for brands when they occur.
The hacking of home devices can have serious consequences. There may be serious invasions of privacy, for example, sensitive data may be acquired, or there could even be financial theft. This also isn’t where it stops. Because connected medical devices and IoMT devices are growing in number, personal health data or even human lives could be increasingly at risk.
In 2017, the US FDA recalled almost 500,000 pacemakers due to fears that cybersecurity vulnerabilities could result in hackers gaining access to pacemakers that had already been fitted into patients. The concern was that hackers may be able to control people’s heartbeats or run the batteries down. Both of these things could have resulted in death. In this example, the manufacturer was forced to issue a firmware update to correct the problem.
Other devices which may be vulnerable to attack include cars and industrial equipment.
The potential for hacking to cause problems to businesses in the electrical and electronics industry is huge. An attack on a small database may only result in a ransom demand for a few hundred dollars. However, an attack on pacemaker devices would probably receive worldwide attention.
As in other industries, different players in the electrical and electronics industry have different responsibilities when it comes to safeguarding the public.
Manufacturers should make secure products
Importers and retailers should only import products that are compliant with the latest and most relevant cybersecurity requirements
Infrastructure and platform providers should only allow cybersecurity - certified products on their networks
While the general responsibilities are obvious, it’s not clear where legal responsibilities lie. Regulatory bodies are working on the issue though, and it looks like things will start to change in the near future. Note that we mentioned earlier that the EU has proposed to introduce its Cyber Resilience Act for goods in the EU.
In fact, following the announcement of this proposed act, some manufacturers have already started to take action. Some manufacturers of consumer IoT products sold in the EU are already starting to follow the standard ETSI EN 303 645 in order to comply with the proposed legislation.
Manufacturers, importers, and retailers need to start examining their products and making sure that they’re cyber-secure. It may not always be mandated at the moment, but it looks like this will happen soon. The issue of cybersecurity is set to grow in importance. Action that firms take now will help develop future systems for ensuring cybersecurity compliance.
Note that EU Commission Vice-President Margaritis Schinas said that the EU’s Cyber Resilience Act could be used as ‘an international point of reference’, suggesting that similar legislation will start to be introduced around the world.
At QIMA, with our in-house labs and our sister company CCLab, we offer comprehensive lab testing services to ensure the safety of all electrical and electronic products. Our team of experts can design custom compliance programs for your specific products and markets which can include:
Risk assessment and design evaluations
Cybersecurity evaluation & testing
Regulatory compliance testing
Chemical and analytical testing
Physical and mechanical testing
Performance and reliability testing
Labeling requirements assistance
Contact us today to learn more!