Modern vehicles are complex, connected systems with an ever-expanding attack surface. In this environment, documentation alone is no longer sufficient — to meet regulatory requirements, cybersecurity must be demonstrated in practice.

Testing is carried out under witnessed conditions, with each step documented and reproducible. These tests play a critical role in vehicle type approval under UNECE R155 and have effectively become the vehicle’s digital crash test.

We have extensive experience in penetration testing of vehicles and automotive components, including expert advisory services and the execution of witnessed tests for vehicle type approval.

Read more in our article: https://www.assured.se/areas/automotive-security/robust-cybersecurity-vehicles-new-airbag

#automotive #cybersecurity #r155 #uneceR155 #iso21434 #typeapproval #wvta

New international regulations are raising the bar for cybersecurity in the automotive industry, with significant risk for manufacturers that fail to act early.

A systematic, structured approach to cybersecurity is increasingly critical for faster approvals, a secure market launch, and maintaining competitiveness.

In this article, we describe how these requirements impact vehicle development in practice, what is needed to demonstrate compliance during type approval, and why many manufacturers must move away from ad-hoc measures toward a traceable, lifecycle-wide cybersecurity process.

Read the article: https://www.assured.se/areas/automotive-security/cybersecurity-requirements-for-vehicles-eu

#cybersecurity #automotive #r155 #uneceR155 #iso21434 #nis2 #typeapproval #wvta #tara

Why cybersecurity is business-critical in MedTech

#Cybersecurity in #MedTech is not only about protecting systems. It directly affects commercial outcomes.

Security influences time-to-market, interactions with notified bodies, and the ability to maintain products throughout their lifecycle. In practice, it weighs just as heavily as functionality when launch decisions are made.

When testing is performed at the right stages, risks are identified early and addressed before they become costly or cause delays. When security is owned at the management level, it becomes a decision-support tool rather than a late-stage obstacle.

Read our article: https://www.assured.se/areas/medtech-security/cybersecurity-is-business-critical-in-medtech

Cybersecurity requirements in MedTech

Even when #cybersecurity is included in #MedTech product development, it is often still treated as a technical detail rather than what it actually is: a regulatory and business-critical requirement.

Under #MDR and #IVDR cybersecurity is directly tied to market access. Weak or late security work doesn’t just create technical debt. It can delay approvals, increase remediation costs, or stop a product from being launched altogether.

Building security in from the design phase, and validating it continuously, is increasingly a prerequisite for operating in regulated healthcare markets.

Read our article: https://www.assured.se/areas/medtech-security/cybersecurity-requirements-in-medtech

We just published a blog post on how insecure default settings in Google Kubernetes Engine (GKE) can be exploited to gain control over cloud environments. Learn how chaining multiple vulnerabilities can lead to significant risks and discover practical tips for securing your GKE clusters. Don't miss out on our detailed attack chain analysis and essential recommendations for robust GKE security.
Read the full post here: https://www.assured.se/posts/exploiting-insecure-gke-defaults

#CyberSecurity #GKE #CloudSecurity #Kubernetes #Infosec #DevSecOps