A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abdelkader Shaaban; Christoph Schmittner

doi:10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abdelkader Shaaban (Autor:in und Vortragende:r)
, Christoph Schmittner

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

Originalsprache	Englisch
Titel	Computer Safety, Reliability, and Security. SAFECOMP 2025
Untertitel	CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings
Redakteure/-innen	Martin Törngren, Elena Troubitsyna, Barbara Gallina, Erwin Schoitsch, Friedemann Bitsch
Seiten	101-114
Seitenumfang	14
Band	15955
ISBN (elektronisch)	978-3-032-02018-5
DOIs	https://doi.org/10.1007/978-3-032-02018-5_8
Publikationsstatus	Veröffentlicht - 21 Aug. 2025
Veranstaltung	Computer Safety, Reliability, and Security. SAFECOMP 2025: 20th International Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems - Sweden, Stockholm, Schweden Dauer: 9 Sept. 2025 → 12 Sept. 2025 https://safecomp2025.se/

Publikationsreihe

Name	Lecture Notes in Computer Science
Herausgeber (Verlag)	Springer
Band	15955
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Workshop

Workshop	Computer Safety, Reliability, and Security. SAFECOMP 2025
Kurztitel	DECSoS 2025
Land/Gebiet	Schweden
Stadt	Stockholm
Zeitraum	9/09/25 → 12/09/25
Internetadresse	https://safecomp2025.se/

UN SDGs

Dieser Output leistet einen Beitrag zu folgendem(n) Ziel(en) für nachhaltige Entwicklung

SDG 2 – Kein Hunger

Research Field

Dependable Systems Engineering

Zugriff auf Dokument

10.1007/978-3-032-02018-5_8

Andere Dateien und Links

https://link.springer.com/book/10.1007/978-3-032-02018-5#accessibility-information

Diese Publikation zitieren

Shaaban, A., & Schmittner, C. (2025). A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. in M. Törngren, E. Troubitsyna, B. Gallina, E. Schoitsch, & F. Bitsch (Hrsg.), Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings (Band 15955, S. 101-114). ( Lecture Notes in Computer Science ; Band 15955). https://doi.org/10.1007/978-3-032-02018-5_8

Shaaban, Abdelkader ; Schmittner, Christoph. / A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. Hrsg. / Martin Törngren ; Elena Troubitsyna ; Barbara Gallina ; Erwin Schoitsch ; Friedemann Bitsch. Band 15955 2025. S. 101-114 ( Lecture Notes in Computer Science ).

@inproceedings{884942a367e649148f774b060b847ba9,

title = "A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act",

abstract = "The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet{\textquoteright}s capabilities with the CRA{\textquoteright}s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework{\textquoteright}s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems{\textquoteright} lifecycle are consistent with the CRA context.",

keywords = "Cybersecurity, Cyber Resilience Act, IoT, Indoor Food Production",

author = "Abdelkader Shaaban and Christoph Schmittner",

year = "2025",

month = aug,

day = "21",

doi = "10.1007/978-3-032-02018-5\_8",

language = "English",

isbn = "978-3-032-02017-8",

volume = "15955",

series = " Lecture Notes in Computer Science ",

publisher = "Springer",

pages = "101--114",

editor = "Martin T{\"o}rngren and Elena Troubitsyna and Barbara Gallina and Erwin Schoitsch and Friedemann Bitsch",

booktitle = "Computer Safety, Reliability, and Security. SAFECOMP 2025",

note = "Computer Safety, Reliability, and Security. SAFECOMP 2025 : 20th International Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems, DECSoS 2025 ; Conference date: 09-09-2025 Through 12-09-2025",

url = "https://safecomp2025.se/",

}

Shaaban, A & Schmittner, C 2025, A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. in M Törngren, E Troubitsyna, B Gallina, E Schoitsch & F Bitsch (Hrsg.), Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. Bd. 15955, Lecture Notes in Computer Science , Bd. 15955, S. 101-114, Computer Safety, Reliability, and Security. SAFECOMP 2025, Stockholm, Schweden, 9/09/25. https://doi.org/10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. / Shaaban, Abdelkader (Autor:in und Vortragende:r); Schmittner, Christoph.
Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. Hrsg. / Martin Törngren; Elena Troubitsyna; Barbara Gallina; Erwin Schoitsch; Friedemann Bitsch. Band 15955 2025. S. 101-114 ( Lecture Notes in Computer Science ; Band 15955).

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

AU - Schmittner, Christoph

A2 - Shaaban, Abdelkader

A2 - Törngren, Martin

A2 - Troubitsyna, Elena

A2 - Gallina, Barbara

A2 - Schoitsch, Erwin

A2 - Bitsch, Friedemann

PY - 2025/8/21

Y1 - 2025/8/21

N2 - The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

AB - The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

KW - Cybersecurity

KW - Cyber Resilience Act

KW - IoT

KW - Indoor Food Production

UR - https://link.springer.com/book/10.1007/978-3-032-02018-5#accessibility-information

U2 - 10.1007/978-3-032-02018-5_8

DO - 10.1007/978-3-032-02018-5_8

M3 - Conference Proceedings with Oral Presentation

SN - 978-3-032-02017-8

VL - 15955

T3 - Lecture Notes in Computer Science

SP - 101

EP - 114

BT - Computer Safety, Reliability, and Security. SAFECOMP 2025

T2 - Computer Safety, Reliability, and Security. SAFECOMP 2025

Y2 - 9 September 2025 through 12 September 2025

ER -

Shaaban A , Schmittner C. A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. in Törngren M, Troubitsyna E, Gallina B, Schoitsch E, Bitsch F, Hrsg., Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. Band 15955. 2025. S. 101-114. ( Lecture Notes in Computer Science ). doi: 10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abstract

Publikationsreihe

Workshop

UN SDGs

Research Field

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Diese Publikation zitieren