Periodic Reporting for period 2 - CERTIFY (aCtive sEcurity foR connecTed devIces liFecYcles)
Reporting period: 2024-04-01 to 2025-09-30
In a world increasingly populated by connected devices, the Internet of Things (IoT) has transformed industrial operations and everyday life alike. Yet this rapid expansion brings major cybersecurity challenges, as each device can become an entry point for attacks. Recent European initiatives such as the Cybersecurity Act (CSA), the Cyber Resilience Act (CRA) and NIS2 directive underline the need for security-by-design principles, continuous protection, and lifecycle management of digital products. CERTIFY addresses these challenges by defining a methodological, technological, and organizational framework for the active security management of IoT devices throughout their lifecycle—from design and certification to operation, updating, and decommissioning. Its main goal is to make security a continuous, measurable, and collaborative process among manufacturers, domain operators, certification authorities, and cybersecurity intelligence networks.
The CERTIFY framework integrates: i) Security-by-design support and modeling-based certification; ii) Continuous security assessment, attestation, and runtime monitoring; iii) Timely detection, mitigation, and secure reconfiguration; iv) Secure over-the-air (OTA) updating and patch management; and v)Privacy-preserving cyber-threat information sharing.
The CERTIFY framework integrates: i) Security-by-design support and modeling-based certification; ii) Continuous security assessment, attestation, and runtime monitoring; iii) Timely detection, mitigation, and secure reconfiguration; iv) Secure over-the-air (OTA) updating and patch management; and v)Privacy-preserving cyber-threat information sharing.
Over its lifetime, CERTIFY designed, implemented, and validated a full lifecycle management framework combining open hardware, secure software, and cooperative information sharing. Its achievements span three dimensions: technological innovation, methodological advances, and industrial validation.
Technological innovation: CERTIFY developed a modular architecture integrating hardware and software into a unified security ecosystem. At device level, it implemented Trusted Execution Environments (TEE) and Secure Elements (SE) based on open architectures such as RISC-V and ST33 secure microcontrollers, supporting key provisioning, secure storage, and advanced cryptography. These ensure protection of credentials and cryptographic materials even in hostile settings. At system level, secure bootstrapping guarantees that only authenticated devices join a network, while runtime monitoring and intrusion detection provide real-time integrity assessment. Policy enforcement mechanisms based on behavioural profiles—an evolution of the MUD standard—enable adaptive and secure device reconfiguration according to detected threats.
Methodological advances: CERTIFY introduced a continuous certification methodology aligning design-time evaluation with runtime assurance. Security evidence gathered during operation feeds into automated risk assessment, triggering re-certification when significant changes occur. This bridges static certification and the dynamic nature of IoT environments. CERTIFY extended behavioural and threat models with contextual data—vulnerabilities, patch status, and network dependencies—creating a living view of each device’s security posture. It also deployed a privacy-preserving cyber threat intelligence (CTI) service, enabling secure, MISP-based and DLT-backed information sharing among manufacturers, operators, and certification bodies, improving collective resilience without exposing sensitive data.
Industrial validation: The framework was validated in three pilot domains: i) Connected Aircraft Cabin, ensuring integrity and secure reconfiguration of in-flight systems; ii) Smart Micro-Factories, enabling dynamic monitoring and secure asset management across IT/OT; and iii) Artworks Tracking, protecting environmental sensors used in cultural heritage logistics. These pilots confirmed that CERTIFY’s lifecycle approach delivers continuous protection, accountability, and cost-efficient compliance across sectors. Integration of CERTIFY tools reduced onboarding time, improved anomaly detection, and demonstrated progress toward continuous certification and secure OTA maintenance.
Technological innovation: CERTIFY developed a modular architecture integrating hardware and software into a unified security ecosystem. At device level, it implemented Trusted Execution Environments (TEE) and Secure Elements (SE) based on open architectures such as RISC-V and ST33 secure microcontrollers, supporting key provisioning, secure storage, and advanced cryptography. These ensure protection of credentials and cryptographic materials even in hostile settings. At system level, secure bootstrapping guarantees that only authenticated devices join a network, while runtime monitoring and intrusion detection provide real-time integrity assessment. Policy enforcement mechanisms based on behavioural profiles—an evolution of the MUD standard—enable adaptive and secure device reconfiguration according to detected threats.
Methodological advances: CERTIFY introduced a continuous certification methodology aligning design-time evaluation with runtime assurance. Security evidence gathered during operation feeds into automated risk assessment, triggering re-certification when significant changes occur. This bridges static certification and the dynamic nature of IoT environments. CERTIFY extended behavioural and threat models with contextual data—vulnerabilities, patch status, and network dependencies—creating a living view of each device’s security posture. It also deployed a privacy-preserving cyber threat intelligence (CTI) service, enabling secure, MISP-based and DLT-backed information sharing among manufacturers, operators, and certification bodies, improving collective resilience without exposing sensitive data.
Industrial validation: The framework was validated in three pilot domains: i) Connected Aircraft Cabin, ensuring integrity and secure reconfiguration of in-flight systems; ii) Smart Micro-Factories, enabling dynamic monitoring and secure asset management across IT/OT; and iii) Artworks Tracking, protecting environmental sensors used in cultural heritage logistics. These pilots confirmed that CERTIFY’s lifecycle approach delivers continuous protection, accountability, and cost-efficient compliance across sectors. Integration of CERTIFY tools reduced onboarding time, improved anomaly detection, and demonstrated progress toward continuous certification and secure OTA maintenance.
CERTIFY advanced the state of the art in IoT cybersecurity by proving that device certification and compliance can be maintained continuously throughout the lifecycle. The project demonstrated a comprehensive approach combining secure design, dynamic assessment, and collaborative intelligence sharing among all stakeholders.
A key result was the implementation of a security information sharing service that uses Distributed Ledger Technologies (DLTs) together with the Malware Information Sharing Platform (MISP) to exchange vulnerability and threat information in a trustworthy and privacy-preserving way. This enables real-time awareness of risks and supports evidence-based continuous certification. CERTIFY also developed extended behavioural profiles, evolving the standard Manufacturer Usage Description (MUD) and introducing Threat MUD files that describe expected device behaviour, configuration rules, and response actions. These profiles allow the system to automatically determine device trustworthiness during secure bootstrapping, ensuring that only compliant devices can join the network while reducing their attack surface from the start. At the architectural level, the project delivered a security framework integrating a Security Information and Event Management and Response (SIEM-SOAR) component, Intrusion Detection System (IDS), and runtime monitoring at IoT level. Together, these enable continuous assessment of device integrity and behaviour, supporting early detection and automated mitigation of incidents. At hardware level, CERTIFY produced a customisable Trusted Execution Environment (TEE) and a Secure Element (SE) aligned with GlobalPlatform standards. These provide secure storage, cryptographic services, and credential protection even in constrained or exposed devices. Combined with secure Over-The-Air (OTA) mechanisms, they enable trusted updates and long-term compliance.
Overall, CERTIFY delivers a new paradigm for IoT trust management, enabling measurable, continuous, and transparent cybersecurity. The project’s results lay the foundation for the implementation of the Cyber Resilience Act (CRA) and Cybersecurity Act (CSA), providing concrete mechanisms for post-market surveillance, vulnerability management, and lifecycle-wide assurance. Further uptake will benefit from standardisation, industrial integration, and exploitation of key components such as the extended MUD model or the CERTIFY methodology.
A key result was the implementation of a security information sharing service that uses Distributed Ledger Technologies (DLTs) together with the Malware Information Sharing Platform (MISP) to exchange vulnerability and threat information in a trustworthy and privacy-preserving way. This enables real-time awareness of risks and supports evidence-based continuous certification. CERTIFY also developed extended behavioural profiles, evolving the standard Manufacturer Usage Description (MUD) and introducing Threat MUD files that describe expected device behaviour, configuration rules, and response actions. These profiles allow the system to automatically determine device trustworthiness during secure bootstrapping, ensuring that only compliant devices can join the network while reducing their attack surface from the start. At the architectural level, the project delivered a security framework integrating a Security Information and Event Management and Response (SIEM-SOAR) component, Intrusion Detection System (IDS), and runtime monitoring at IoT level. Together, these enable continuous assessment of device integrity and behaviour, supporting early detection and automated mitigation of incidents. At hardware level, CERTIFY produced a customisable Trusted Execution Environment (TEE) and a Secure Element (SE) aligned with GlobalPlatform standards. These provide secure storage, cryptographic services, and credential protection even in constrained or exposed devices. Combined with secure Over-The-Air (OTA) mechanisms, they enable trusted updates and long-term compliance.
Overall, CERTIFY delivers a new paradigm for IoT trust management, enabling measurable, continuous, and transparent cybersecurity. The project’s results lay the foundation for the implementation of the Cyber Resilience Act (CRA) and Cybersecurity Act (CSA), providing concrete mechanisms for post-market surveillance, vulnerability management, and lifecycle-wide assurance. Further uptake will benefit from standardisation, industrial integration, and exploitation of key components such as the extended MUD model or the CERTIFY methodology.