International cybersecurity regulations are continuing to evolveto meet the changing threat landscape. One major focus is on outdated firmware in IoT devices, which can present significant security vulnerabilities. To address these challenges, Microchip Technology is enhancing its TrustMANAGER platform to include secure code signing and Firmware Over-the-Air (FOTA) update delivery as well as remote management of firmware images, cryptographic keys and digital certificates.
These advancements support compliance with the European Cyber Resilience Act (CRA) which mandates strong cybersecurity measures for digital products sold in the European Union (EU). Aligned with standards like the European Telecommunications Standards Institute (ETSI) EN 303 645 baseline requirements of cybersecurity for consumer IoTand the International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 security of industrial automation and control systems standards, the CRA sets a precedent that is anticipated to influence regulations worldwide.
Microchip’s ECC608 TrustMANAGER leverages Kudelski IoT’s keySTREAM Software as a Service (SaaS) to deliver a secure authentication Integrated Circuit (IC) that is designed to store, protect and manage cryptographic keys and certificates. With the addition of FOTA services, the platform helps customers securely deploy real-time firmware updates to remotely patch vulnerabilities and comply with cybersecurity regulations.
“As evolving cybersecurity regulations require connected device manufacturers to prioritise the implementation of mechanisms for secure firmware updates, lifecycle credential management and effective fleet deployment,” said Nuri Dagdeviren, Corporate Vice President of Microchip’s security products business unit. “The addition of FOTA services to Microchip’s TrustMANAGER platform offers a scalable solution that removes the need for manual, and expensive, static infrastructure security updates. FOTA updates allow customers to save resources while fulfilling compliance requirements and helping to future-proof their products against emerging threats and evolving regulations.”
Further enhancing cybersecurity compliance, the Microchip WINCS02PC Wi-Fi network controller module used in the TrustMANAGER development kit is now certified against the Radio Equipment Directive (RED) for secure and reliable Cloud connectivity. RED establishes strict standards for radio devices in the EU, focusing on network security, data protection and fraud prevention. It will come into force on 1st August 2025, at which point all wireless devices sold in the EU market must adhere to RED cybersecurity provisions.
By incorporating these additional services, TrustMANAGER—governed by keySTREAM—tackles key challenges with IoT security, regulatory compliance, device lifecycle management and fleet management. This solution is engineered to serve IoT device manufacturers and industrial automation providers.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.