
Cybersecurity by Design
Our Team’s Training on Key Cybersecurity Frameworks
Our team recently participated in specialized training focused on European and international cybersecurity frameworks. The training covered:
- RED & EN 18031 – standards for radio equipment security in the EU. These define how wireless and radio devices must meet cybersecurity requirements to protect users and data.
- IEC 62443 – an international standard for industrial automation and control systems (OT/ICS) cybersecurity. It provides guidelines for designing and maintaining secure operational technology systems.
- CRA (Cyber Resilience Act) – a new EU regulation that sets mandatory cybersecurity requirements for products with digital elements, covering the entire product lifecycle, from design to maintenance and updates.
This training has equipped our colleagues to better apply “security by design” principles, understand the obligations these standards entail, and navigate upcoming market requirements.
Security by Design
A key concept emphasized during the training was “Security by Design”, which means integrating cybersecurity from the very beginning of product or system development, rather than adding it afterward.
Key principles include:
- Security from the start – identifying threats and vulnerabilities during the design phase.
- Least privilege – systems and users only have the access necessary to perform their tasks.
- Robustness against attacks – products are designed to remain secure even if an attack is attempted.
- Ongoing updates and maintenance – planning for secure updates and fixes throughout the product lifecycle.
- Transparency and documentation – maintaining clear records of implemented security measures for auditing and trust.
By applying Security by Design principles, our colleagues are better prepared to understand obligations set by these standards and regulations and to navigate upcoming market requirements.