From legislation to practice - a structured guide for the EU’s Cyber Resilience Act: Utilizing design science research to bridge theory and practice
2024 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
The increasing number of products with digital elements (PDE) has introduced several challenges for both industry and consumers and has highlighted the importance of cybersecurity. The EU's answer to this challenge is new legislation, namely the upcoming Cyber Resilience Act (CRA). The horizontal nature of this cybersecurity regulation makes it difficult for manufacturers to translate its legislative requirements into actionable steps. The goal of this thesis is to address this gap by developing a structured implementation guide for the CRA using Design Science Research (DSR). The DSR process included iterative development and validation of the implementation guide, incorporating feedback from stakeholders, and conducting evaluations in cooperation with industry partners. The resulting structured guide presents manufacturers with activities, and tools to perform them, covering five major areas of the CRA: applicability and categorization of PDE, risk assessment, implementation of secure-by-design and secure-by-default PDE, vulnerability management, and conformity and maintenance throughout the PDE's lifecycle. The guide incorporates established standards such as ETSI EN 303 645 and ISA/IEC 62443-4-1 to ensure alignment with internationally recognized standards and best practices. The results align with and complement existing literature that emphasizes the need for practical tools and frameworks to bridge the gap between regulatory requirements and implementation. This study contributes to the field by providing a validated tool that practitioners can use to comply with the CRA. The practical aspects of the implementation guide address a gap in the field by providing insights into the CRA and upcoming trends in cybersecurity; the findings thus contribute to both academia and industry by presenting a resource for navigating the CRA.
Place, publisher, year, edition, pages
2024, p. 5, 67, vii
Keywords [en]
Cyber resilience act, CRA, EU cybersecurity legislation, design science research, cybersecurity standards, implementation guide, products with digital elements, IoT security, risk assessment, digital product security, EU regulations, vulnerability management, secure software development
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-24558
OAI: oai:DiVA.org:his-24558
DiVA, id: diva2:1900283
External cooperation
QRTECH AB
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Available from: 2024-09-23. Created: 2024-09-23. Last updated: 2025-09-29. Bibliographically approved.