Feature: Security


characterising and solving security issues aſt er discovery. To ease security management, embedded devices benefi t from the following architectural adjustments: • Integrated telemetry reporting: By collecting device health data and sending it back to a cloud platform, manufacturers can quickly discover bugs or exploits across connected devices. Telemetry reporting also allows teams to verify the eff ectiveness of new patches in limited real-world trials before fl eet-wide rollout.


• Highly modular, containerised soſt ware architecture: T reat isolation supports a reduced attack surface if a device becomes compromised. For example, containerisation prevents a user interface hack from accessing core operating system (OS) code. It also allows individual soſt ware components to continue running while others get updated, reducing operational downtime. Similarly, modular soſt ware accelerates the location of vulnerabilities and reduces OTA data requirements and, hence, cost, when compared to monolithic code updates.


• Rollback mechanisms: OTA interruptions and glitches can prevent patches from being installed correctly,


which could cause bricking. Rollback mechanisms ensure that a device can always return to a state of working order if an update fails, allowing manufacturers to fulfi ll the CRA commitment and maintain device integrity. Understandably, secure OTA updates


require end-to-end encrypted tunnels to ensure that patches can’t be compromised during transmission and that only signed and verifi ed fi rmware can run on a device. To meet documentation requirements for every patch issued, manufacturers benefi t from soſt ware development frameworks that provide automated SBOM generation and logging. However, implementing CRA-aligned


frameworks can place a large burden on developers building soſt ware from scratch, especially with fast-approaching regulatory deadlines. T ankfully, COTS solutions can help teams meet compliance requirements on time.


Software frameworks for CRA COTS soſt ware frameworks off er several advantages that are particularly relevant to the CRA. T e fi rst is accelerated development for reducing time to market. Similarly, while the legal responsibility for compliance lies with manufacturers, tried and tested third-party solutions can


also reduce the chance of encountering regulatory blind spots. Moreover, by working with commercial partners, manufacturers can gain additional long-term support for their soſt ware infrastructure, which can further ease the burden on developers. An example of such a solution


is SECO’s Clea OS, a customisable soſt ware architecture that is designed for industrial-grade secure systems and exhibits many features that ease CRA compliance. Based on the open- source Yocto Project, Clea OS provides reproducibility and traceability for CRA audits, with automated SBOM generation capabilities to support mandatory documentation eff orts. In contrast to many closed operating


systems, Clea OS is designed as a streamlined and controlled Linux OS foundation, minimising unnecessary components to reduce the attack surface and improve overall security and resilience. Containerisation is facilitated by Docker, to isolate threats and enable 24/7 operation during patching. T is is additionally supported by A/B partitioning to ensure a working fi rmware image is always present on the device and rollback of the active fi rmware in case an update fails. Furthermore, Clea OS supports secure


boot, digitally-signed OTA updates, continuous real-time device monitoring in combination with SECO’s wider Clea ecosystem (Figure 3) and a cybersecurity package. Enabling manufacturers to maximise threat detection and patching opportunities, these facilitate the CRA’s lifetime support, directly addressing key requirements such as secure update mechanisms, continuous vulnerability management and system integrity. T e existence of COTS solutions,


Figure 3: The SECO Clea ecosystem encompasses both edge software and cloud infrastructure to support manufacturers in comprehensive device cybersecurity management


including SECO’s Clea OS, proves that CRA compliance doesn’t have to be as challenging as it may fi rst appear. By encouraging development teams to use ready-made soſt ware frameworks that enable high levels of customisation, manufacturers can ease the transition into a new cybersecurity landscape while delivering diff erentiated products to market.


32 May 2026 www.electronicsworld.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44