We live in an increasingly connected world, and innovation continues to drive the use of network-connected products and software – from our homes, schools and offices to the medical devices in hospitals and control systems in industrial facilities. This interconnected landscape can provide numerous advantages and process efficiencies, such as opportunities for companies to gather and leverage data, but can also give rise to potential cyber threats. CSA Group understands the need to stay ahead of the technology curve to help prevent ongoing cyber threats from becoming a reality. We recognize the importance of demonstrating the safety and security of your connected products to stakeholders. We appreciate that a breach of your system can cause a major catastrophe. And we are committed to helping your business mitigate the risks involved with the internet-enabled connections between everyday products, or the Internet of Things (IoT). We will work closely with you to develop tailored solutions that help you identify potential issues and implement security measures to reduce or minimize the chance of intrusion into your equipment or systems.
Your customers expect a certain level of security, and a thorough gap analysis helps to determine the overall areas of cybersecurity weakness in products or processes, as well as necessary improvements. Our services evaluate the maturity of the cybersecurity controls implemented in the product, service or company to help identify these weaknesses, as well as check how the product/service or organization meets the controls outlined in one or more standards. Quality and security improvements can then be made based on the product assurance that comes with using a third-party provider, helping you gain a competitive advantage.
Security Development Lifecycle Assurance (SDLA)
We are committed to helping you stay one step ahead of potential security threats by addressing them early in the product life cycle, before committing to production. A Security Development Lifecycle (SDLC) focuses on the security aspect of a product lifecycle, and SDLA demonstrates that your business has implemented and uses a product development lifecycle in which cybersecurity is considered at all phases—from design to decommission. This commitment to security improvements demonstrates your business’s capability to supply secure products that conform to the requirements of IEC 62443.
Embedded Device Security Assurance (EDSA)
Your customers often want assurance that their embedded devices have been subject to formal evaluation and testing, and meet ISASecure EDSA specifications. Our solutions help to provide third-party assurance on the security of embedded devices and their features as well as your device supplier’s development process.
Embedded Device Security Assurance includes three elements: the Functional Security Assessment (FSA), the Software Development Security Assessment (SDSA), and the device Communication Robustness Testing (CRT).
We understand that independent, formal product testing in a laboratory environment for known vulnerabilities provides the confidence and assurance that you need to bring your products to market. Our procedures test against the Common Weakness Enumeration (CWE) database and for product robustness and resilience against known cyber-attacks, and include additional security testing such as penetration testing, radio frequency testing, and source code analysis.
Aside from improved security and quality of your products, we can also help reduce your need to invest in high-cost tools by providing access to expertise and high-tech laboratory resources. We can offer the robustness testing service that is part of EDSA or SSA as an independent service, consisting of both CRT and Vulnerability Identification Testing (VIT) of the embedded device. This can be offered to product manufacturers or system integrators who do not have the capacity or in-house expertise.