Cybersecurity Requirements for Household Appliances: IEC 60335-1 Ed. 6 Annex U

As more homes embrace smart devices and appliances, the reliance on integrated connectivity and remote software updates presents greater opportunities for cyber threats that could compromise product safety and functional safety compliance.

Expert Insights

Presented by our industry expert, view our webinar to navigate the essential cybersecurity requirements outlined in Annex U of IEC 60335-1 Edition 6, specifically designed for appliance manufacturers incorporating connectivity and remote software updates.

Key Takeaways

Available for you to view at your convenience, this webinar will examine nuances of Annex U from IEC 60335-1 Edition 6 and demonstrate how adherence can turn regulatory compliance into a strategic advantage. This webinar will:

  • Offer an overview of IEC 60335 Edition 6, Annex U.
  • Explore the focus and applicability of Annex U.
  • Identify information needed from manufacturers for evaluation according to Annex U requirements.

Connectivity for Smart Home Devices: Navigating IEC 60335-1 Ed. 6, Annex U Cybersecurity Requirements

CSA Annex U Webinar Recording 2024-03-06

00:05
Good afternoon, everybody. My name is Brad Glazer (G-L-A-Z-E-R). I’m the editor and publisher of two brands that CSA Group works with – the Appliance & HVAC Report, and Test & Measurement 2.0. We have today a webinar from the CSA Group, and we hope you find it very beneficial and I’m confident that you will. At the end of the session, we’ve allotted time for questions and answers. Of course, we’ll open the phone lines. You’re also more than welcome to send any questions you have, via the chat box that will appear during the webinar. We’ll naturally answer those questions. And give us a few days, we’ll have a link as we’re recording this webinar, and you can have that [the webinar recording]. Now, let me introduce Mr. Layne Lueckemeyer. Layne is the Business Manager for Functional Safety for the CSA Group. Layne, the floor is yours.

01:20
Thanks for that introduction, Brad. Hello, everyone. Thank you for attending our webinar on connectivity for smart home devices and navigating IEC 60335-1 edition 6 Annex U – the cybersecurity requirements. Today, we’re going to distinguish between the different types of safety. We’re going to provide an overview of the new [IEC] 60335-1 edition 6 Annex U, we’ll discuss Annex U’s focus and applicability, and talk a bit about the requirements for an assessment using Annex U, before we wrap up some questions and answers. In 2015, it was reported that some hackers were able to exploit vulnerabilities in a very popular brand of internet-connected baby monitors, which allowed them unauthorized access to the baby monitors’ live streams. Now, this breach not only invaded the family’s privacy, but it also raised some significant concerns about the security of IoT devices that are used in homes. These hackers were able to shout and make noises through the monitors, which really caused a lot of distress to the children and their parents. And this incident highlighted the critical need for cybersecurity measures in smart home devices, which led to an increased focus on developing and implementing stricter security standards like those that are going to be outlined in IEC 60335-1 Annex U. The goal of Annex U is to protect against unauthorized access and ensure the safety and privacy of users in the interconnected digital environment of smart homes. So, this is an exciting time to see the rapid technological advancements that are shaping the evolution of consumer appliances. These innovations are really making our lives easier or more connected, but we also need to be able to make sure we’re ensuring safety in your home. One of the struggles for manufacturers is to juggle a balance of innovation as well as demands of regulatory compliance.
So, this brings us to the introduction of [IEC] 60335-1 edition 6 specifically Annex U, which outlines new safety standards tailored for this era of connectivity. Why does this matter to us? Understanding and complying with edition 6 annex U is about future proofing your products and ensuring that they’re not just innovative, but also secure and reliable. This is essential in a landscape where cybersecurity concerns are on the rise and consumer trust can make or break a brand. By aligning with these standards, we can mitigate risks, enhance your brand recognition, and stand out in a competitive market. So, what is safety? At its core, safety is about creating a secure environment, one where harm is not just minimized but ideally eradicated. In the dynamic world of technology and innovation achieving this is not always straightforward. So, how do we tackle this challenge? It starts with methodical identification and management of potential risks, not just recognizing the hazards that are in front of us but anticipating those that could emerge as technology evolves. It’s a proactive approach, even one that keeps us one step ahead in ensuring the safety and reliability of our products. However, in the practical world, this concept of safety also involves understanding and accepting a level of risk. And this sounds a little bit counterintuitive, but it’s about striving for that balance, a state where a danger is minimized to levels that are deemed acceptable or agreed upon based on the applicable standards. When we talk about a smart home device and this transition from the very beginning of a concept to becoming a household staple, there’s a critical element that underpins every step of this journey – product safety. But what does product safety really mean in the context of this rapidly evolving technological landscape? 
Well, manufacturers have to ensure that products you bring into your homes, the devices that you rely on every day, are designed and manufactured to be free from safety hazards. A key element of product design includes preventing the common risks that could lead to incidents, such as fire, electric shock, or injuries during use. Take for example, the risk of fire. By testing the materials for flammability and designing circuits that prevent overheating, we can significantly reduce this risk or consider electric shock. By incorporating failsafe modes of insulation, we ensure that even in the event of a fault, users are going to be protected from harm. And when it comes to preventing injuries, thoughtful design, and clear user instructions can make all the difference because it’s going to ensure that your devices can remain powerful, intuitive, and still be safe to use. Another key concept in making safe products is functional safety. Functional safety means that your system or equipment will function the way that it is supposed to and that the safety functions are going to perform correctly in response to inputs that are applied. Functional safety is about reducing the risk of simple and complex systems, so they’re going to function safely in the event of an electrical or electronic malfunction. When we talk about functional safety, we’re really concerned with active devices or systems and not passive devices. A simple explanation is that an active protective device is a device that prevents hazards but requires electrical energy to operate. A passive protective device, on the other hand, is a device that prevents hazards, but it doesn’t require electrical energy to operate and detect the condition. An example of a passive protective device would be a fuse or mechanical switch.

07:47
Sorry, I jumped ahead here. Yep. So, let’s shift our focus and look at another critical aspect that goes hand-in-hand with safety, especially in the digital age – security. And when we talk about security within the realm of Information Technology, or IT, we’re talking about this multifaceted approach. It’s not sufficient just to have a password or potentially install antivirus software. It’s important that you have to have a framework that’s going to intertwine policies, procedures, and technological safeguards that are designed to protect your digital data. At the center of this structured approach are three foundational objectives: maintaining the confidentiality, integrity, and availability of information. So, let’s unpack these just a little bit. Confidentiality ensures that your sensitive information is accessible only to those that are authorized to view it. While integrity means that the information is trustworthy, it’s accurate, and free from unauthorized modifications. And availability ensures that this information is accessible to authorized users when they need it. So, when we’re talking about smart home devices, and other systems that are connected to the internet, we enter this domain of cybersecurity. And this term really encompasses all of the protective measures and strategies that are employed to safeguard our devices and networks from digital attacks. Cybersecurity is about creating this ecosystem where data’s confidentiality, integrity, and availability are preserved. And this is critical because in today’s interconnected world, the security of a single device can impact the safety of an entire network. So, imagine a smart home where a single compromised device really can open the door to some threats that could jeopardize not just your personal data, but also potentially your physical safety. So, let’s take a closer look at the [IEC] 60335 standards.
These standards, they provide a framework that’s going to ensure the safety and reliability of electrical appliances. [IEC] 60335-1 is that basis for the general requirements, while a series of more detailed subsections that are tailored to the specific types of appliances are designated as the [IEC] 60335-2 series. That’s where you can get into the more specific types of appliances like HVAC systems or, you know, refrigerators, or very specific to the type of appliances that there are. So, there’s a -1 that provides the general requirements and then the -2 collateral standards provide the more specific requirements for the exact type of appliance. But, the focus of these standards is to ensure that appliances are going to meet a level of residual risk that establishes this baseline of safety that all the products must adhere to. So, within the [IEC] 60335 standards, particularly from clauses 8 through 32, you’ll find specifics that outline the requirements that are relevant to product safety. And these are going to cover a wide array of considerations from electrical insulation to stability to mechanical hazards to radiation, and understanding the standards particularly the foundational [IEC] 60335-1 and the relevant subsections is really important for manufacturers to be able to design products that are going to incorporate innovation and functionality but also uphold standards of safety. So, as we move deeper into [IEC] 60335-1, let’s focus on this particularly pivotal aspect, Annex R. This Annex represents a bridge between software and functional safety and programmable electronic systems that are used within appliances. And Annex R is designed to ensure that the software that governs electronic control functions can be both sophisticated and safe. It’s going to help ensure that the code and your software algorithms are going to meet the same type of scrutiny as traditional physical components.
The goal of Annex R is to guide you through integrating safety considerations from the design phase of the software and ensure that the software lifecycle is aligned with the goal of minimizing the risks that are associated with electronic control functions. It helps ensure that if you have software malfunctions, even in the event of a failure, the system is going to remain safe or it’s going to fail in a way that minimizes risk to users and property. So, as we continue to proceed, Annex U emerges as this significant addition to [IEC] 60335-1 and integrates cybersecurity standards into product and functional safety compliance. And this Annex is crucial for appliances that are connected to public networks by ensuring that they’re safeguarded against unauthorized access and communication failures. The integration of Annex U really marked this proactive approach to addressing the cybersecurity challenges that are accompanying technological progress. Annex U is a response to the recognition that the safety integrity of our products can be compromised not just by physical faults, but also by cyber threats and extends the requirements to the digital realm. Annex U helps ensure that our appliances, especially those that are going to be connected to public networks, are fortified against unauthorized access and communication failures. Imagine you have a smart refrigerator or a heating system or a security camera, these devices have become integral to our daily lives. And now imagine if those devices were compromised not by a physical defect but by a cyber attack. The implications could range from privacy breaches of your personal data to actual physical dangers. So, this is where Annex U becomes necessary, and it outlines the protocols and measures to help mitigate these risks. It helps ensure that our appliances can defend against cyber threats and still maintain their safety integrity even if communication failures occur.

14:17
So, understanding the applicability of Annex U is vital. It becomes relevant for appliances that utilize remote communication by public networks. It emphasizes the need for these interactions to align with safety requirements. Annex U was created really for appliances that leverage the power of connectivity, specifically those that are utilizing remote communication via public networks. And this connectivity opens up this world of possibilities from smart home integration to remote updates. It enhances the functionality and the user experience of these appliances. Consider an example of like a self-cleaning oven receiving a new software update or potentially a washing machine that can adjust its cycle parameters based on data that’s transmitted over the Internet. Annex U is going to ensure that the software downloads or data transmissions are not just innovative, but they’re also safe. And it highlights the need for these interactions to align with the safety requirements that are outlined in Annex R, which we spoke about earlier for functional safety. And the clauses of 8 to 32 of [IEC] 60335-1 which covered the product safety. It basically means that every software update, every piece of data that’s transmitted has to be scrutinized, and it helps ensure that these changes don’t introduce any vulnerabilities or compromise the safety integrity of the appliance. So, we’ve established the role of Annex U in the cybersecurity landscape of smart appliances. It’s equally important now to help understand the scenarios where Annex U does not apply. So, Annex U does not come into play if the compliance with clauses 8 to 32 of [IEC] 60335-1 has been previously verified for software dependency. Well, what does that mean?
In cases where the software integral to the appliance’s safety has already been tested and proven to meet the safety requirements that are outlined in these clauses, additional scrutiny under Annex U for those specific aspects might not be necessary. And the recognition is based on the premise that the software’s integrity has been established, focusing Annex U’s application on new or potentially unverified elements of cybersecurity. Annex U’s relevance is limited in scenarios where public network remote communication is strictly outbound. This includes situations where the device sends out data or possibly message alerts or engages in monitoring purposes without receiving commands or software updates from external networks. And the rationale behind this is that the risk profile of purely outbound communication, especially when it doesn’t involve control or modification of the appliance’s operation, is inherently lower. But even in scenarios where Annex U is deemed inapplicable, the priority remains the same. And that’s going to be to ensure the appliance is secure against unauthorized access. This might involve inspections and adopting best practices in cybersecurity. And, you know, there are scenarios where Annex U protocols might not directly apply, but ensuring cybersecurity and protecting the appliance against unauthorized access and potential cyber threats is going to still remain relevant. So, looking further into these complexities of Annex U within the [IEC] 60335-1 standard, focusing on cybersecurity’s role in appliance safety, it’s important to understand exactly what Annex U addresses. This focus means that there are areas that it doesn’t cover, though, particularly concerning data confidentiality and user privacy. So, what fills the gaps left by Annex U? Well, let’s look at some of the key directives and standards.
The Radio Equipment Directive, this directive is crucial for ensuring that radio equipment is going to meet essential requirements, including those that are related to privacy and personal data protection. And it’s a cornerstone for appliances that communicate wirelessly, ensuring that they’re going to adhere to regulations that govern that user data security and confidentiality. Then there’s ETSI 303 645, and this standard sets a framework for securing consumer IoT devices and focusing on protecting users from common cyber threats and vulnerabilities. It emphasizes this need for built-in security measures that are going to safeguard the user’s privacy and the integrity of their data. And then there’s the IEC 62443 series. These are typically tailored for industrial control systems. But the [IEC] 62443 series of standards has really become increasingly relevant for consumer products. It offers some detailed guidance on securing industrial communication networks. It provides strategies for maintaining confidentiality, integrity, and availability of data across a wide range of applications. For appliances and consumer products, especially those using IoT and connected functionalities, compliance to these standards is really important. And all of these can help complement the cybersecurity focus of Annex U by addressing the aspects of data confidentiality and user privacy, and additionally for industrial applications, these standards are going to offer a more specific set of guidelines. So, Annex U’s domain is pretty specific, it pertains to public networks that facilitate the transmission of data, or signals beyond the confines of domestic spaces. And this can encompass a variety of network types, both wired and wireless, including local area networks, or possibly Bluetooth connections. But, what about technologies that have communication or enable communication without a direct link to these public networks?
Well, here’s where the scope of Annex U becomes more defined. So, networks functioning solely within a closed system without the means to connect, or the necessity to connect to a broader public network, they don’t fall under the scope of Annex U – they do not fall into the scope of Annex U. This includes technologies like Near Field Communication, infrared communications, and you know, these methods they facilitate local data transfer control, but their limited range and lack of connection to public networks place them just outside the scope of Annex U. So, why is this distinction important? Well, understanding the scope of Annex U really helps us focus our cybersecurity efforts where they’re needed on the appliances and systems that are going to interact with a digital ecosystem through public networks. So, when we’re talking about smart appliances, and their integration into our lives, two concepts really play key roles. One is remote communication, and the other is remote operation. These sound pretty similar, but really understanding their distinction is critical for understanding cybersecurity and functionality. So, let’s start with remote communication. This basically means the transfer of data between an appliance and an external system. It’s like your appliances are having a conversation with the outside world, and it’s going to use various technologies to send and receive information. These technologies might range from radio systems, which can communicate over long distances, to bus systems, which manage data transfer within more confined environments. Remote communication basically enables the devices to share status updates, to receive instructions, or to even download software updates. The other term that I just mentioned is remote operation. So, if remote communication is the conversation, then remote operation is the action that is taken as a result of that conversation.
So, it’s the management of the appliance’s functions via the communication channels that are established. So, this might mean adjusting temperature settings on your smart thermostat from your smartphone or starting your robotic vacuum cleaner while you’re away from home. Remote communication needs to be secure to protect the data being transferred from eavesdropping or tampering. And this involves ensuring the confidentiality and integrity of the data in transit. On the other hand, for remote operation, security measures have to protect the integrity of the communication but also authenticate the commands and ensure they’re coming from a trusted source.

23:29
So, this brings us to a critical juncture – the specification and verification requirements that are set forth by Annex U and R. So first, let’s talk about software and its role in helping facilitate seamless remote communication. Well, according to Annex U, it’s imperative that the software governing our appliances is not just going to be smart, but it’s also going to be resilient. So, this means incorporating specific safeguards that are designed to handle potential faults and errors that could occur during remote communication. Why is this important? So, imagine you send a command to your smart oven, or you receive data from your security system. You want this interaction to be as reliable and error-free as possible, or Annex U ensures that in the event of faults or errors, the integrity of your data is going to remain intact and free from corruption. Now, turning the attention to the choice of communication technology and subsequent security measures, Annex R on the other hand is going to emphasize that while the selection of technology for remote interaction, whether that’s Wi-Fi, Bluetooth, or any other form of communication is unrestricted, security measures implemented in conjunction have to be robust, have to be strong. This requirement ensures that every piece of data that’s transmitted or received is protected against unauthorized access or tampering. This verification process for these security measures is about verifying their effectiveness in line with the stipulations of Annex R. This could involve evaluation of the security architecture, from encryption methods to the authentication protocols, ensuring that every layer of this communication is going to be fortified against potential cyber threats. So, when we’re talking about smart appliance development, the architecture of the software, this is like a blueprint for safety, security, and compliance.
And the principle of this modular approach in software design is needed for flexibility, for scalability, and most importantly for security. But by adopting a modular design, these manufacturers can ensure this distinct separation between their software components that are going to interact with public networks, and those that don’t. So, this segregation is crucial for a lot of reasons. Imagine the software is like a series of interconnected rooms in a building. Some of these rooms are going to have doors that are going to open to the outside world, which would be considered your public networks, while others are going to be internal. If you design your software architecture to clearly demarcate these spaces, we can apply specialized security measures to the areas that are most exposed to external threats. And this separation facilitates easier updates, maintenance, and scalability. Additionally, the software related to remote communication, an area of really heightened vulnerability given its exposure to public networks, requires clear separation from other software segments. So, if you isolate the remote communication components, we can apply security protocols and comply with specific standard requirements like those that are outlined in Annex R. This isolation ensures that the enhancements or changes made to one module say for improving remote communication security don’t inadvertently impact other areas of the software or other parts of the software. Prioritizing direct user interaction in your software design is fundamental, it helps ensure that user safety and appliance reliability are not compromised by remote operation capabilities. This prioritization highlights the importance of maintaining the appliance’s integrity and operational safety independent of network connectivity.
And through prioritizing user interaction to the appliance’s direct controls means that no matter how advanced your remote operation capabilities become, they should never overshadow the importance of direct physical interaction with the appliance. So, why is this important? Well, if you think about a scenario, like a smart oven that has both a local user interface and remote operation capabilities, it’s really convenient to preheat your oven from your smartphone as you’re leaving your office. But that software must ensure that the user who is standing in front of the oven has overriding control, regardless if you have made a move to preheat that oven via smartphone or via remote connection. So, the direct controls have to offer an immediate and a failsafe way to operate or halt the appliance, regardless of any remote commands that are being sent. And this safe and proper functioning of the appliance can’t be contingent on its remote communication functions. The integrity and the operational safety of the device should stand on its own independent of network connectivity or external commands. This is going to ensure that even in the absence of remote capabilities, or in the event of a network failure, the appliance is going to remain fully functional and safe to use. So, now let’s talk about access control. This is a series of steps that are designed to ensure that every interaction with the appliance via a remote communication is going to be secure, it’s going to be authorized, and it’s going to be intentional. So, if we walk through this, the steps of this – identification, authentication, and authorization. So, identification is the initial step in the access control process. This is recognizing who’s attempting to interact with the appliance. This could mean requiring like a user ID or a unique identifier that’s going to basically signify a user’s intent to engage with the device.
Identification ensures that only known entities are going to attempt to proceed further in the communication process. Authentication, on the other hand, is verifying the claim made during the identification, and authentication involves validating the user’s identity through various means. It could be through passwords, it could be through biometrics, or it could be through digital certificates. It ensures basically that the person behind the identification step is genuinely associated with having the credentials that are presented. And then the last is authorization. So, having identified and authenticated the user, authorization now determines the level of access or the specific actions that the user is permitted to perform. And this can range from viewing the device status to initiating operational commands. Authorization basically sets the boundaries of what each authenticated user can and can’t do. And it’s based on a set of predefined policies or roles. So, as we continue, we see that cybersecurity of connected devices must use cryptographic techniques. So, let’s talk about confidentiality, integrity, and availability. These are three fundamental aspects of cybersecurity principles. Confidentiality is essentially the assurance that information is accessible only to those that are authorized to have access. And cryptographic techniques such as encryption, really play a key role here – encryption transforms the readable data into an encoded format that can only be deciphered by those that possess the corresponding key. And this ensures that sensitive information, whether it’s being stored or transmitted, remains confidential, that it’s shielded from unauthorized eyes. In the context of smart appliances, this could mean encrypting data transmitted from a device say to the cloud, and it helps ensure that personal usage patterns or command signals are going to remain private.
Integrity ensures that that information is trustworthy and has been unaltered from its original state. So cryptographic methods like hashing or digital signatures are going to safeguard this principle by generating a unique digital fingerprint for data. Cryptographic hashing allows us to detect any alterations, intentional or accidental, and help maintain the data’s integrity. Digital signatures are going to continue to further reinforce this by verifying the origin and authenticity of the data and ensure that the information received is exactly what was sent. It’s untampered and it’s coming from a trusted source. Availability ensures that this information and resources are accessible to authorized users when needed. Cryptographic techniques support this by securing the infrastructure from attacks like Denial of Service. For example, encryption and secure communication protocols can prevent unauthorized access that could potentially lead to system overloads, or data being held for ransom, and thereby supporting the uninterrupted availability of services.

33:05
The management of software updates is really critical for maintaining security and functionality of smart appliances. So, verification before installation, this is the process of conducting a thorough verification to check for any potential data corruption, and this is a safeguard against the introduction of errors or vulnerabilities that could essentially compromise the appliance’s performance. Additionally, confirming that the software version is going to be compatible with the existing system is really important. Compatibility checks are going to ensure that these new software enhancements are going to integrate seamlessly with the appliance’s current operations, and it helps preserve that user experience and the device’s integrity and maintain the integrity and functionality. When we’re talking about software updates, the goal is to maintain the integrity and functionality of the software. And this really means that every update, every change that’s introduced, it has to follow the standards requirements, especially concerning the software safety functions. And the implications are that the update process itself has to be secure and reliable but the outcome, the updated software must continue to meet those existing safety standards. Compliance with Annex R for safety critical software is crucial for that safety critical software. This is a prerequisite before deploying any new software version. Safety critical software has this direct impact on the operational safety of the appliance. And it’s important to ensure that these updates don’t alter or degrade the appliance’s safety features. The principle of software update permission emphasizes really the importance of user engagement and consent, and it allows users to be able to control their device’s software lifecycle. So, in this world, we live in [full of] smart appliances, where software plays this role of functionality and safety. The decision to install and update is significant.
It’s going to impact not only the performance of the device, but also potentially the privacy and the security of user data. So, recognizing this, the provision of final consent by the user is very important because it ensures that you as a user are not just a passive recipient of software changes, but you’re also an active participant in the decision-making process regarding your appliances. So, to balance the need for timely updates with respect for the user control, manufacturers can offer an automatic update feature. And this feature really empowers you as a user to opt-in for updates to be installed as they become available. Users are going to have this option to enable this feature based on their preferences and potentially their trust in the manufacturers of the process. But for those who prefer a more hands-on approach, the ability to manually approve each update is also important. Clear marking and instructions for manufacturers really empower users to effectively manage their device updates, which can enhance security, autonomy, and really enhance the overall user experience. For users to effectively manage their device updates, they have to be equipped with the knowledge to do that. So, this begins really with the ability to easily determine the current software version of your appliance. Knowing which version is running on your device is the first step in recognizing whether an update is needed, or if the latest security patches and functionalities are maybe already in place. Furthermore, understanding the steps necessary to perform a software update is equally important, and whether that’s initiating an automatic update, navigating to a specific section within the device’s interface for manual updates, or downloading update files from a trusted source, the user should feel confident in your ability to update your device. So, clear step-by-step instructions help facilitate this process, but they also simplify it.
And manufacturers play a critical role in this process by ensuring that these instructions are available and are easy to understand and follow. And this might involve things like marking the current software version prominently within the device’s user interface, or accompanying app, it could be as simple as providing an intuitive guide for updating the software, or it could be to offer support and troubleshooting guidance for common issues that could arise during the update process. Finally, the Annex U assessment really underscores the comprehensive evaluations necessary for securing smart appliances. The foundation of an Annex U assessment really begins with the comprehensive details about the device that’s being tested. This includes things like the device’s specifications, functionalities, and any unique features that are pertinent to its operation and security posture. And understanding the device inside and out is really critical for tailoring the assessment to its specific context. A detailed documentation of the software design forms the core of the assessment, and this includes aspects of remote operation or communication – how the device communicates remotely, including the protocols and data that are transmitted, and so forth. Security measures – the strategies and technologies implemented to ensure the security of remote communications. Procedures for authorized authorization and authentication – this is how the device verifies the identity and permissions of users or other devices. Verification of firmware – the processes that are in place to ensure the firmware’s integrity and security. Software update process – how updates are managed, verified, and deployed to the device. And equally critical is the software verification and validation documentation. And this encompasses the test plans, the cases, the results that demonstrate your software’s resilience, the functionality, and compliance to the safety standards.
This documentation is absolutely necessary and essential in illustrating that the software is going to work as intended, and that it’s going to do so securely and reliably under various conditions. And finally, you have to detail the software tools that are used for development and testing – that’s a very important part of the software engineering process. So, in conclusion as we move forward in that age of connectivity, the details that are required for an Annex U assessment will be considered as keystones of your strategy that’s going to place user safety, security, and trust at the heart of technological advancement.

40:20
That concludes our presentation. At this time, we’ll open up the floor to some questions.

40:27
Okay, so this is Suzy. And we did have a couple questions come through on the chat, and then we’ll go ahead and open up the phone lines for anyone else who has any questions. First one is, “How does Annex U address the issue of remote access and control vulnerabilities in smart home devices?”

40:46
So, Annex U is addressing the remote access by mandating this comprehensive framework for secure communication. It’s going to emphasize the need for devices to implement strong authentication and authorization protocols to verify and control who’s going to have access to the device’s functionalities. And this could include utilizing advanced encryption to protect data in transit and ensuring that any remote commands are authenticated and authorized to prevent unauthorized access or control. Additionally, it’s going to encourage the separation of network-facing interfaces from critical control functions that are going to minimize the risk of a breach leading to possible control over the device.

41:44
Okay, in the context of Annex U, “How significant is the role of software architecture in enhancing the cybersecurity of the smart home devices?”

41:56
So, the role of software architecture is really super important in enhancing device cybersecurity. A well-designed software architecture is going to help facilitate the implementation of different security features by allowing for a distinct separation between critical and non-critical components, as well as between components that are going to interact with, say, external networks and those that don’t. This modular approach that I think I even mentioned it in the presentation, it not only aids in isolating and protecting sensitive parts of the system from vulnerabilities, but it also helps simplify the process of updating and patching software. You can now do updates to, say, user interface software without affecting safety critical functions. So, it really ensures that these security measures can be dynamically adjusted to counter new threats, and Annex U really underscores the necessity of designing software with security in mind from the beginning. It helps ensure that cybersecurity measures are going to be integrated at every level of the system architecture.

43:13
Cool. “Can you give us an example of how a manufacturer can demonstrate compliance with the Annex U requirements?”

43:19
Sure. So, in demonstrating compliance with Annex U, a manufacturer really needs to document and verify several different aspects of their products’ cybersecurity measures. And this might be detailing the software design and architecture to ensure that it’s going to adhere to the principles of secure development. Like, you know, again, going back to that modular approach, making sure that it allows for easier updates, isolates those critical functions from potential vulnerabilities. Manufacturers have to also show how their devices are able to manage authentication and authorization, how they protect against data corruption, how they securely handle software updates, and this is where third-party testing and certification comes in, and that’s to validate the effectiveness of these security measures.

44:16
Okay, “How does the Annex U impact the software update process for smart home devices?”

44:23
So, Annex U, it really places a strong emphasis on the security of the software update process. It requires that these updates are going to be verified for integrity and compatibility before installation and ensure that they don’t introduce any new vulnerabilities that could compromise the device functionality. So, additionally, the standard [IEC] 60335-1 Annex U mandates that updates maintain adherence to safety requirements both during and after the installation. For safety critical software, it also brings into account compliance with Annex R that’s also going to be necessary because it helps ensure that the, you know, any software updates are not going to compromise the functional safety of it or degrade the device’s safety features.

45:19
Okay, we have one more from the chat line. “Are there any specific technologies or protocols that Annex U recommends for securing smart home devices?”

45:30
So, that’s a great question. So, Annex U outlines the objectives and the requirements for cybersecurity, but it doesn’t really prescribe specific technologies or protocols. This approach really gives some manufacturers the flexibility to choose the most appropriate or effective security measures for their products. You know, given rapid evolution of technology and cyber threats, the standard places a lot of emphasis on the importance of employing robust encryption for data transmission, secure authentication mechanisms, and methods for ensuring data integrity and availability, but it does not prescribe those specific technologies or protocols that you have to adhere to. So, manufacturers are – we really would encourage them to stay aware of emerging cybersecurity technologies and best practices, and integrate those into their design to ensure that their products are going to meet and exceed requirements.

46:42
Okay, that’s great. Anybody else on the line have any questions? You’re welcome to unmute your phone or throw any other questions through the chat and we’ll go ahead and get those answered for you.

47:03
Okay, well, sounds like that’s all the questions that we have. I’ll turn it back over to Brad.

47:22
I want to thank you, Brad Glazer here. I want to thank everybody who registered, attended, clicked on the links to learn about what we were doing with CSA Group today. We’ll be preparing the audio of this. Everyone will receive that link for their own use in the future. And I want to thank CSA Group, a lot of their time went into preparing this presentation and webinar today. This is Brad Glazer on behalf of CSA Group, the Appliance & HVAC Report, and Test & Measurement 2.0 – signing off. Thank you.