EPS Global, a world-leading IC Programming and Secure Provisioning services organisation, today announced a secure programming service that addresses the requirements of international legislation covering cybersecurity measures for internet-connected devices. Via its worldwide network of 22 programming facilities, EPS Global delivers secure provisioning and encryption solutions to ensure cyber threats that originate online are nullified. EPS Global also works in partnership with IAR Systems, the Swedish software company that offers development tools for embedded systems, to deliver a unique end-to-end solution that enables companies to implement security as a foundation capability, making sure all end-points are tamper-proof and establishing a Supply Chain of Trust.
According to an article in Security magazine, cyber attacks increased by 38% in 2022 globally. In response, the UK passed the Product Security and Telecommunications Infrastructure (PSTI) bill in December of last year, while the US, also in December 2022, extended the Federal Food, Drug, and Cosmetic Act’s cybersecurity controls to include internet-connected medical devices. In the EU, the Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and gives it a key role in setting up and maintaining the European cybersecurity certification framework.
Explains Colin Lynch, Chief Executive Officer, EPS Global: “In our increasingly interconnected world, cyber attackers are a major threat to property, commerce and the economy, and ultimately, people’s lives. Legislation to counter these very real threats is requiring that semiconductor devices are secure from malevolent attack and unintended compromise.”
EPS Global offers a range of options to enable customers to meet the new regulations and eliminate cyber security risk. The company provides secure IC programming services to many large OEMs in the consumer and automotive sectors who are well-versed in the measures they need to employ to protect their embedded systems from sabotage. The customer sends an encrypted package containing encrypted binary file, digital signature and encrypted keys to EPS Global, which holds ISO 27001 Certification ensuring the security of information held by the company. Access by vetted staff to machines in EPS Global’s programming centres is monitored by biometric ID, and secure VPN access is employed to ensure the secure encrypted transfer of programming files to individual machines.
For customers who may be unsure of what levels of protection they need, EPS Global and IAR Systems are able to develop a complete secure provisioning workflow and secure data programming strategy. This can include: protecting devices by inhibiting malware injection; adherence to legislative compliance; and making each device tamper-proof. Once the strategy has been determined, it is implemented at the EPS Global programming centres.