Author Archives: Richard


IoT device security to become part of CE marking by 2024

November 3, 2021
Richard

The security and safety of wireless IoT devices took another step towards becoming part of EU CE compliance last Friday. The EU Commission announced its adoption of the delegated act to the Radio Equipment Directive https://ec.europa.eu/growth/news/commission-strengthens-cybersecurity-wireless-devices-and-products-2021-10-29_en.

As a result, this act will create legal requirements for the security of wireless IoT devices. This change to the Radio Equipment Directive has significant implications for the CE marking of wireless IoT devices.

In simple terms this will make certain cyber security measures mandatory as part of wireless IoT device CE compliance and marking. This is the route that Craig Ormerod from TUV SUD and I suggested that the EU might be expected to follow, in our presentation at the IoTSF’s 23rd Plenary back in 2019. The key requirement is that there are safeguards in the IoT device to protect the users’ personal data and privacy, along with fraud prevention measures.

Demonstrating compliance and Standards

Demonstrating compliance is normally done against standards, in some cases market specific ones. The Commission is asking the European Standardisation Organisations to develop relevant standards. However, there are some existing standards that are likely to be applicable:

In the Consumer market some or all of the 13 controls in the ETSI standard EN 303 645 “CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements” [1] are likely to be mandated. Associated with this ETSI Consumer cybersecurity standard is its partner test standard EN 103 701 “CYBER; Cyber Security for Consumer Internet of Things: Conformance Assessment of Baseline Requirements” [2].

For the Industrial sector a likely standards family which could be used to demonstrate compliance would be EN IEC 62443 “Security for industrial automation and control systems” [3].

Where there are no standards for a specific sector then it will be necessary to seek the opinion of a Notified Body, as to whether the security mitigations are sufficient to ensure the product is compliant. Hopefully this lack of standards situation will not last too long. Ahead of standards, there are also other sources of support for demonstrating security compliance. A good example is the IoTSF’s Assurance Framework [4], of which Xitex’s Richard Marshall was a lead author.

Compliance methods will be the same as the existing compliance approach with the Radio Equipment Directive, either through self assessment or independent third party assessment.

Timescales

Unless the EU Council and Parliament raise objections, the delegated act will come into force after a two month scrutiny period. Once the act comes into force, manufacturers will have 30 months to make their products compliant, i.e. by mid 2024. In conclusion, with typical product development lifecycles being between 12 and 24 months, their security requirements need to be considered now for new and existing products.

Richard Marshall is Director and Managing partner at Xitex

Other useful related links:

[1] ETSI Standard ETSI 303 645 “CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements” https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

[2] ETSI Standard ETSI TS 103 701 “CYBER; Cyber Security for Consumer Internet of Things: Conformance Assessment of Baseline Requirements” https://www.etsi.org/deliver/etsi_ts/103700_103799/103701/01.01.01_60/ts_103701v010101p.pdf

[3] EN IEC 62443 Standard “Security for industrial automation and control systems” https://webstore.iec.ch/searchform&q=62443

[4] IoTSF “Assurance Framework” 3.0 https://www.iotsecurityfoundation.org/best-practice-guidelines/

Xitex IoT Security and regulation blog post: http://www.xitex.uk/2018/11/26/being-regulation-ready/

Further information

If you have specific queries around IoT device security please contact us at: sales@xitex.co.uk


IoT Hardware from Prototype to Production

DigiCatapult, Xitex, Arrow, SonyUKTEC & Microsoft have detailed the entire process of IoT hardware new production introduction

March 15, 2020
Richard

The internet of things represents one of the biggest current business opportunities, as it underpins the digitisation of our economy, a transition towards what is hailed as the fourth industrial revolution. Digital Catapult, Xitex, Microsoft & Arrow recently published a guide, “IoT Hardware from Prototype to Production Guide”, for #startups and #scaleups.

Xitex is delighted to have been the lead author in the project in conjunction with the @DigiCatapult.

About the IoT Hardware from Prototype to Production Guide

Taking wireless IoT based products into production involves a variety of challenges. This paper is intended to provide guidance to navigate the entire process of IoT hardware production from the building of a basic prototype up to production at volume and end of product life. For each of these hardware manufacturing stages, the report highlights important considerations such as where to focus energy and provides a clearer understanding of the expectations that design and manufacturing partners may have, so an engagement with these can become more successful.

Target Audience

Digital Catapult’s IoT hardware from prototype to production guide is designed for UK entrepreneurs, startups and scaleups who are keen to launch hardware based IoT products and services.

The guide can be found here: https://www.digicatapult.org.uk/wp-content/uploads/2021/11/20190903_DC_109_IoT_Production-to-Product_Report_Digital_1___1.pdf

Other resources and whitepapers on IoT development and security can be found at http://www.xitex.uk/resources/

Presenting at IoTBuild 2018

November 4, 2018
Richard

The IoT Stack and Ecosystem Event covering Architecture, Connectivity, Security & Edge

IoT Build 2018 Invitation

Recognised as the UK’s leading event for IoT adopters, IoTBuild 2018 opens itself up to over 1000 executive level attendees. Attendees will gain access to 2 x conference tracks; 2 x technical theatres; consultancy clinics; start-up showcase, and the exhibition. In addition the event is an opportunity to meet and network with a pre-qualified audience of trusted advisors, solution vendors and those eager to learn. In its third year of running, IoTBuild 2018 is bigger and better than ever before.

We are proud to announce that Richard Marshall, Plenary Group Chair, IoT Security Foundation, will be speaking at IoTBuild 2018.

So we are pleased to offer you a complimentary Expo Ticket to join us this November. Your Expo Ticket will give you access to industry case studies in the Connectivity and Security theatre, entrance to the consultancy clinic, 1-2-1 meetings, exhibition and drinks reception.

To RSVP Your IoTBuild 2018 Expo ticket, please click this link!

IoTSF Plenary Group Chair Appointment

July 6, 2016
Richard

We are delighted to announce that Richard Marshall, Managing Consultant at Xitex ltd, has been appointed as the Plenary Group Chair of the IoT Security Foundation (IoTSF).

The IoTSF was established in response to emerging threats that were found in the Internet of Things applications. Its mission is to secure the Internet of Things. This is done by promoting and teaching good practice in appropriate security to users. Xitex are pleased to be a founder member of the IoTSF.

Upon appointment as Plenary Group Chair, Richard commented: “I see the issue of security as a cornerstone to the adoption of the Internet of Things… I am honoured to be leading the Plenary.”

The Plenary Group of the IoTSF is a forum for central members to identify any challenges that they are facing. As Richard highlighted, “The industry urgently needs to address the issue of security or face the risk of heavy regulation and a potential loss of confidence in the markets”. Through the IoTSF Plenary Group, members can raise their concerns to active working groups. From here, these active working groups can then determine appropriate measures and outcomes. Typically they form best practice guidelines which fall under the simple requirement of being accessible, useful and actionable.

Dr John Haine, Chair of the IoTSF Executive Steering Board, said: “We’re really pleased to welcome Richard as the Plenary Chair. It is important that the IoTSF membership is able to determine its technical priorities and organise its work, and Richard’s combination of experience and talents will be a real boost in that area.”

Please find further details at the Internet of Things Security Foundation’s website.

Xitex at the Verification Futures 2016 Conference

February 3, 2016
Richard

Xitex is pleased to announce that they will be presenting at the Verification Futures 2016 Conference on the 4th February 2016.

Organised by TVS, Verification Futures 2016 is a one day conference, exhibition and industry networking event to discuss the challenges faced in hardware verification. The day will host a fantastic opportunity to network with other verification engineers across Europe. As well as this, the event will offer an opportunity for end users to explain their current and present verification challenges, to collaborate with vendors and find solutions together.

Xitex’s presentation at Verification Futures 2016 will be on Security Standards and Architecture Considerations for Secure Hardware Design and Verification.

Richard Marshall, Managing Consultant at Xitex ltd, will be presenting at the event. His focus will be on the foundations of secure products. He will particularly discuss the need for true random number sources for nonce and key generation, as well as product compliance with standards such as FIPS 140-2 and 186-4. Where a larger number of customers must be considered – for example the mobile network operators mandating standards compliance – he will go on to consider what independent tests are available to demonstrate standards compliance. Consideration will also be given to some of the architectural security verification challenges and Richard will go on to look at a brief case study on secure hardware for 3G/4G Small cells.

Further information about the Verification Futures Conference 2016 can be found on their website at Verification Futures Europe 2016

Xitex joins the IoT Security Foundation (IoTSF)

October 14, 2015
Richard

We’re pleased to announce that Xitex has become a Founder Member of the Internet of Things Security Foundation (IoTSF).

Following rapid technology advancements in recent years, a realisation has grown of the number of benefits that the Internet of Things can offer, across multiple businesses. Of course, this growth has also created a new security challenge: as more devices become connected to one another, they open themselves up to attackers.

The IoTSF recognises that IoT security is a number one concern for executives, providers, system adopters and users alike. It has been established as a response to the rising concerns and challenges regarding security. The IoTSF strives to be ‘the expert resource for sharing knowledge, best practice and advice’.

Xitex ltd. has had first hand involvement in security improvements in connected devices. Our experience includes working with Small Cells and 3G/4G basestations that can be deployed in home and/or enterprise premises. Using this experience, we are now excited about being able to support organisations like the IoT Security Foundation in promoting awareness of good security practices and in the creation and development of codes of best practice.

We hope that, together, our work will strengthen the currently weak levels of product security in the growing IoT market.

For more information please see the Internet of Things Security Foundation (IoTSF) website.

How VW Might have Fixed their Emissions Problem

October 12, 2015
Richard


The recent publicity that surrounds the VW diesel emissions scandal only just begins to highlight the security challenges that IoT users and producers must consider today.

Using the VW diesel emissions scandal as a case study, Xitex’s founder Richard Marshall has written a blog post for the IoT Security Foundation on the importance of being able to remotely patch product firmware. His writing particularly looks at how VW might have reduced the impact of their diesel car emission problem if they had been able to remotely update the ECU firmware.

The full blog post can be found on their website at: How VW Might Have Fixed their Emission Problem.
