SciTransfer
DOSS · Project

Secure IoT Supply Chain Management and Automated Cybersecurity Certification System

digitalTestedTRL 5

Imagine every electronic part in a smart device came with a digital birth certificate and a health record. This system tracks every piece of software and hardware from the factory to your home to ensure no 'hidden doors' were left open for hackers. It uses a digital twin—a virtual copy of the system—to simulate attacks and find weaknesses before they happen in real life.

By the numbers
3
IoT domains for validation (automotive, energy, smart home)
6
best-practice documents collected
5
regulations analyzed
The business problem

What needed solving

IoT supply chains are vulnerable because a single compromised supplier can impact thousands of end customers. Companies currently lack a standardized way to verify the security of third-party hardware and software components throughout their lifecycle.

The solution

What was built

A 'Device Security Passport' (DSP) that aggregates SBOM, HBOM, and MUD files. A Digital Cybersecurity Twin and an automated Architecture Security Validator for pre-certification.

Audience

Who needs this

IoT Device ManufacturersCritical Infrastructure OperatorsAutomotive Tier-1 SuppliersCybersecurity Compliance Auditors
Business applications

Who can put this to work

Automotive
enterprise
Target: Connected vehicle manufacturer

If you are a vehicle manufacturer dealing with insecure third-party sensors — this project developed a Device Security Passport that provides a machine-readable security overview throughout the device's lifecycle.

Energy
enterprise
Target: Smart grid operator

If you are a grid operator dealing with complex IoT architectures — this project developed a Digital Cybersecurity Twin that uses AI to discover attack surfaces and suggest protective measures.

Consumer Electronics
SME
Target: Smart home device brand

If you are a smart home brand dealing with compliance for the European Cyber Resilience Act — this project developed an automated Architecture Security Validator to provide pre-certification against security standards.

Frequently asked

Quick answers

What is the cost or pricing for this solution?

Based on available project data, pricing and cost structures are not specified as this is a Horizon-RIA research project.

Can this be deployed at an industrial scale?

The project validates its technology in three major domains: automotive, energy, and smart home, suggesting a design intended for industrial-scale application.

What are the IP and licensing terms?

Based on available project data, specific licensing terms are not listed, though the project contributes to standardisation and policy recommendations.

How does this help with EU regulations?

The system is an early implementation of the requirements of the European Cyber Resilience Act, providing an operational reference model for compliance.

How is the technology integrated into existing workflows?

It integrates existing descriptors like SBOM, HBOM, MUD, and VEX into a central Device Security Passport Platform with version control and audit trails.

Consortium

Who built it

The consortium is well-balanced for commercialization, featuring 11 partners across 6 countries. With an industry ratio of 45% and 5 SMEs involved, there is a strong lean toward practical application rather than pure academic research, supported by 4 research organizations and 2 universities.

How to reach the team

Contact ATOS MAGYARORSZAG KORLATOLT FELELOSSSEGU TARSASAG in Hungary

Next steps

Talk to the team behind this work.

Contact us to explore licensing opportunities for the Device Security Passport technology.