The Arduino Portenta X8 is compatible with the EU Cyber ​​Resilience Act (CRA).

Arduino Portenta X8, in collaboration with Arduino, has integrated security software on the board. Arduino Portenta X8In this way, this module becomes the first SoM (System on Module) compliant with EU CRA regulations. It is quite successful and is something that will help create various projects. There are many things that must comply with this law.

As you know, the Arduino Portenta X8 is a development board like any other Arduino, but it is the first model to use it. Arm processors that can run GNU/Linux operating systems And with the ability to expand through a plug-in called HAT.

Arduino Portenta X8 is a comprehensive development platform that combines hardware and software to facilitate the creation of advanced IoT solutions. Equipped with a powerful 8-core Arm Cortex-A53 processor, Portenta Its modular design allows it to be expanded with additional modules such as the HAT Carrier Board, and its focus on cyber security makes it compatible with EU Cyber ​​Resilience legislation. It also has advanced security features such as secure boot. Its reliable execution environment and secure OTA updates make it a strong choice for high-end IoT projects.


What is CRA?

at Cyber ​​Resiliency Act (CRA) Its goal is to protect consumers and businesses that use products or software that contain digital components by addressing cybersecurity concerns. It attempts to eliminate security flaws by introducing mandatory cybersecurity requirements for manufacturers and retailers. The law addresses two main issues:

  • Lack of adequate cyber security in many products and the user’s inability to determine the cyber security of the product.
  • The CRA will set harmonized standards. Framework for cybersecurity requirements and commitments throughout the product lifecycle.

When effective The product bears the CE mark to indicate its compliance with the new standard. Help consumers make informed decisions about cyber security. It applies to products connected to the internet. Except in specific cases, such as open source software. It is expected that It will come into effect in early 2024.With manufacturers adopting the standards 36 months later, the committee will periodically review the law.

New EU CRA regulations Specify minimum security For all IoT devices in Europe including:

  • Set standards for secure products with digital elements across the EU.
  • Require manufacturers to give importance to safety.
  • Increase user awareness of the importance of cybersecurity features.
  • Require original equipment manufacturers (OEMs) to quickly patch vulnerabilities in existing devices.

at Cyberattacks cause expensive problems.It affects companies, governments, and individuals. Economic losses resulting from interruption of business operations Theft of confidential information, extortion, and damage to business reputation are important. In addition to direct costs Cyberattacks also create additional costs to improve cybersecurity. Repair affected systems and deal with legal and regulatory implications. Increased complexity of attacks and variety of targets Underscoring the critical need for effective measures to prevent, detect, and mitigate cyber threats, here is the U.S. CRA…

Details of Arduino Portenta X8 with CRA

As I have already discussed Under upcoming EU regulations All digital products must comply with new security standards. Except in specific categories such as medical equipment. Aviation and automotive equipment Some products need to be evaluated for safety by independent agencies. This depends on the level of risk.Additionally, original equipment manufacturers (OEMs) must ensure that these products pass safety assessments for sale in EU countries. and compliance with this law will be monitored.

In this way, the Arduino Portenta X8 can be certified. Labeled products “Extremely critical” that require additional security The EU estimates that the new standards could save between 180 and 290 billion euros per year by reducing cyberattacks. This is because they become a serious problem for organizations and companies as well as for individual users.

This ensures that the Arduino Portenta X8 meets both CRA standards. and Arduino have joined forces. To implement this security enhancement in SoM, as you know, is a company that provides cloud-based development and deployment solutions for secure IoT and Edge devices, so it is a good partner with Arduino to follow suit. These European safety standards

Through this collaboration, Arduino Portenta X8 users can manage the security of their devices. Data protection and manage software efficiently in one place cloud environmentIt also offers additional security against all forms of cyber-attacks and malware. and ensuring rapid response to new vulnerabilities. This allows for rapid firmware updates to address these vulnerabilities.

The Arduino Portenta X8 offers a suite of security features powered by the Linux Micro and FoundriesFactory platforms. together: :

  • Secure boot
  • Trusted execution environment
  • Remote management
  • Installing security key
  • Cloud Authentication
  • Secure OTA (Over-The-Air) updates with TUF support
  • A software bill of materials (SBOM) that is automatically created after each software update.

All of this is not a plus. Because this implementation involves the complexity of simplifying’s software interface and a tool called X8 Board Manager, although in this respect they do a good job. And the new interface is simple and Compatible with Arduino IDE For developers

Fabio Violante, CEO of Arduino, said:

“When we deploy Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 with safety features top of mind from start to finish. It ranges from hardware and firmware to Linux distributions and powered device management. FoundriesFactory “This allowed us to be CRA compliant intuitively from the beginning.”

Leave a Comment