Skip to content

Etteplan and CertX start a partnership to certify cybersecurity for embedded devices

News – Published: 04.03.2021 9:00:00

Etteplan News release, March 4, 2021

Etteplan and CertX AG, an accredited certification body, have started a partnership to ensure a certified and secure product development lifecycle process, especially for embedded devices and operational technology. A certified development process is beneficial due to forthcoming global and regional cybersecurity regulations, especially in the European Union, but also in the US, and China.

Thanks to the partnership, Etteplan has started implementing a secure product development process according to IEC 62443-4-1 and technical security requirements according to IEC 62443-4-2 in embedded device development, well beforehand the regulations become mandatory. CertX acts as Etteplan’s partner in training and in accredited certification of processes and products.

“At Etteplan, we have already paid plenty of attention to the need to offer our customers secure development of embedded devices and software. But only in a few years, a secure development process will also be a regulatory market requirement. Cybersecurity regulations will be applicable to most of our customers, and there is a growing need to design new products and redesign existing products to also meet higher technical security levels, ” says Sales Director Antti Tolvanen from Etteplan’s Software and Embedded Solutions Service Area.

New regulations and certifications to come

The new EU security regulations include the NIS2 proposal, Cybersecurity Act Certification Schemes, and the RED directive. In the USA, the IoT Cybersecurity Improvement Act will regulate what devices federal government is allowed to purchase. Some of these regulations are likely to become mandatory starting from 2023, particularly for devices and software used in critical infrastructure. Horizontal security regulation for connected devices sold within EU is already envisioned to be mandatory by end of the 2020s. A common security reference basis in operational technology are the IEC 62443-4 standards, originally created for industrial automation, which are soon mandatory in certain industries.

Etteplan aims at receiving the IEC 62443-4-1 certification by the end of 2021. The first step has been to train dozens of software and hardware developers in Finland, Sweden and Poland about the IEC 62443-4-series.

The training was provided by CertX AG. It is a Swiss accredited certification body specialized in functional safety and cybersecurity, and its certificates are recognized worldwide.

“The development of a cybersecurity culture across the different levels of an organization is a key element for demonstrating, at the end of the day, security-by-design and defense in depth principles. Holistic approaches imply the addressing of human capabilities, in addition to secure technologies and robust processes, ” says Head of Cybersecurity certifications Kilian Marty from CertX AG.

“So far, operational technologies, or OT’s, have been less mature concerning cybersecurity than information technologies, IT’s. Cybersecurity has been more of a nice-to-have, but now we are moving to a more regulated world. For instance, in the automotive industry the regulation will become mandatory in 2022–2024, and in the telecommunications industry providers need to prove they have secure processes, ” says CEO Jens Henkner from CertX AG.

Additional information:
Outi Torniainen, Senior Vice President, Marketing and Communications, Etteplan tel. +358 10 307 3302

Etteplan in brief

Etteplan provides solutions for industrial equipment and plant engineering, software and embedded solutions, and technical documentation solutions to the world’s leading companies in the manufacturing industry. Our services are geared to improve the competitiveness of our customers’ products, services and engineering processes throughout the product life cycle. The results of Etteplan’s innovative engineering can be seen in numerous industrial solutions and everyday products. In 2020, Etteplan had a turnover of approximately EUR 260 million. The company currently has some 3,300 professionals in Finland, Sweden, the Netherlands, Germany, Poland, Denmark and China. Etteplan's shares are listed on Nasdaq Helsinki Ltd under the ETTE ticker.