A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abdelkader Shaaban; Christoph Schmittner

doi:10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abdelkader Shaaban (Author and Speaker)
, Christoph Schmittner

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

Abstract

The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

Original language	English
Title of host publication	Computer Safety, Reliability, and Security. SAFECOMP 2025
Subtitle of host publication	CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings
Editors	Martin Törngren, Elena Troubitsyna, Barbara Gallina, Erwin Schoitsch, Friedemann Bitsch
Pages	101-114
Number of pages	14
Volume	15955
ISBN (Electronic)	978-3-032-02018-5
DOIs	https://doi.org/10.1007/978-3-032-02018-5_8
Publication status	Published - 21 Aug 2025
Event	Computer Safety, Reliability, and Security. SAFECOMP 2025: 20th International Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems - Sweden, Stockholm, Sweden Duration: 9 Sept 2025 → 12 Sept 2025 https://safecomp2025.se/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	15955
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	Computer Safety, Reliability, and Security. SAFECOMP 2025
Abbreviated title	DECSoS 2025
Country/Territory	Sweden
City	Stockholm
Period	9/09/25 → 12/09/25
Internet address	https://safecomp2025.se/

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 2 Zero Hunger

Research Field

Dependable Systems Engineering

Keywords

Cybersecurity
Cyber Resilience Act
IoT
Indoor Food Production

Access to Document

10.1007/978-3-032-02018-5_8

Cite this

Shaaban, A., & Schmittner, C. (2025). A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. In M. Törngren, E. Troubitsyna, B. Gallina, E. Schoitsch, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings (Vol. 15955, pp. 101-114). ( Lecture Notes in Computer Science ; Vol. 15955). https://doi.org/10.1007/978-3-032-02018-5_8

Shaaban, Abdelkader ; Schmittner, Christoph. / A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. editor / Martin Törngren ; Elena Troubitsyna ; Barbara Gallina ; Erwin Schoitsch ; Friedemann Bitsch. Vol. 15955 2025. pp. 101-114 ( Lecture Notes in Computer Science ).

@inproceedings{884942a367e649148f774b060b847ba9,

title = "A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act",

abstract = "The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet{\textquoteright}s capabilities with the CRA{\textquoteright}s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework{\textquoteright}s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems{\textquoteright} lifecycle are consistent with the CRA context.",

keywords = "Cybersecurity, Cyber Resilience Act, IoT, Indoor Food Production",

author = "Abdelkader Shaaban and Christoph Schmittner",

year = "2025",

month = aug,

day = "21",

doi = "10.1007/978-3-032-02018-5\_8",

language = "English",

isbn = "978-3-032-02017-8",

volume = "15955",

series = " Lecture Notes in Computer Science ",

publisher = "Springer",

pages = "101--114",

editor = "Martin T{\"o}rngren and Elena Troubitsyna and Barbara Gallina and Erwin Schoitsch and Friedemann Bitsch",

booktitle = "Computer Safety, Reliability, and Security. SAFECOMP 2025",

note = "Computer Safety, Reliability, and Security. SAFECOMP 2025 : 20th International Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems, DECSoS 2025 ; Conference date: 09-09-2025 Through 12-09-2025",

url = "https://safecomp2025.se/",

}

Shaaban, A & Schmittner, C 2025, A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. in M Törngren, E Troubitsyna, B Gallina, E Schoitsch & F Bitsch (eds), Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. vol. 15955, Lecture Notes in Computer Science , vol. 15955, pp. 101-114, Computer Safety, Reliability, and Security. SAFECOMP 2025, Stockholm, Sweden, 9/09/25. https://doi.org/10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. / Shaaban, Abdelkader (Author and Speaker); Schmittner, Christoph.
Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. ed. / Martin Törngren; Elena Troubitsyna; Barbara Gallina; Erwin Schoitsch; Friedemann Bitsch. Vol. 15955 2025. p. 101-114 ( Lecture Notes in Computer Science ; Vol. 15955).

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

TY - GEN

T1 - A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

AU - Schmittner, Christoph

A2 - Shaaban, Abdelkader

A2 - Törngren, Martin

A2 - Troubitsyna, Elena

A2 - Gallina, Barbara

A2 - Schoitsch, Erwin

A2 - Bitsch, Friedemann

PY - 2025/8/21

Y1 - 2025/8/21

N2 - The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

AB - The Cyber Resilience Act (CRA) is a recently published EU regulation that introduces guidelines to ensure the cybersecurity of digital components in Europe. It demands that manufacturers ensure the cybersecurity of products containing software and digital components. This represents a critical step toward advancing cybersecurity by enabling the integration of secure components throughout the system engineering lifecycle. As part of the AIMS5.0 project, we recognise the importance of the CRA in securing the future of digital components across Europe. Furthermore, we introduce a ThreatGet-based cybersecurity framework to facilitate alignment with the CRA. This paper presents the proposed framework, which integrates ThreatGet’s capabilities with the CRA’s key requirements and principles. While it does not aim to prove full compliance, it provides valuable support in guiding cybersecurity activities in the right direction. A smart indoor food production system is used as a case study to demonstrate the framework’s effectiveness and illustrate how ThreatGet can help ensure that cybersecurity activities within such systems’ lifecycle are consistent with the CRA context.

KW - Cybersecurity

KW - Cyber Resilience Act

KW - IoT

KW - Indoor Food Production

UR - https://link.springer.com/book/10.1007/978-3-032-02018-5#accessibility-information

U2 - 10.1007/978-3-032-02018-5_8

DO - 10.1007/978-3-032-02018-5_8

M3 - Conference Proceedings with Oral Presentation

SN - 978-3-032-02017-8

VL - 15955

T3 - Lecture Notes in Computer Science

SP - 101

EP - 114

BT - Computer Safety, Reliability, and Security. SAFECOMP 2025

T2 - Computer Safety, Reliability, and Security. SAFECOMP 2025

Y2 - 9 September 2025 through 12 September 2025

ER -

Shaaban A , Schmittner C. A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act. In Törngren M, Troubitsyna E, Gallina B, Schoitsch E, Bitsch F, editors, Computer Safety, Reliability, and Security. SAFECOMP 2025: CoC3CPS, DECSoS, SASSUR, SENSEI, SRToITS, and WAISE, Stockholm, Sweden, September 9, 2025, Proceedings. Vol. 15955. 2025. p. 101-114. ( Lecture Notes in Computer Science ). doi: 10.1007/978-3-032-02018-5_8

A ThreatGet-Based Framework for Aligning System Security with the Cyber Resilience Act

Abstract

Publication series

Workshop

UN SDGs

Research Field

Keywords

Access to Document

Other files and links

Fingerprint

Cite this