The QNX Commitment to Cybersecurity
Cybersecurity Culture
Certifications
QNX has earned several key industry certifications, showcasing its commitment to cybersecurity, including the certification to the ISO/SAE 21434 automotive cybersecurity standard, TISAX, and ISO/IEC 27001 certifications. These successes showcase a solid infrastructure and foundation for delivering secure solutions. This foundation can facilitate certification to other cybersecurity standards, including IEC 62443 for industrial automation, FDA guidelines for medical device manufacturers, or future harmonized standards adopted by the EU Cyber Resilience Act.
Visit our Certifications page to see the full list of certificates.
Product Excellence
While IT cybersecurity is a well-established subject with popular models like the CIA (Confidentiality, Integrity, and Availability) triad, there is no single proven formula for building robust cybersecurity into embedded devices. To protect an embedded system, security mechanisms should be considered at all levels of the system. Consider trusted hardware combined with techniques for secure booting, tamper protection, and various access control all the way to real-time intrusion detection. The operating system plays a pivotal role.
QNX strongly prioritizes security, leading the way in a world where no proven standard or formula exists for building robust cybersecurity into embedded systems. As a microkernel, the QNX® OS has a minimal attack surface. It also boosts the cybersecurity of the system by isolating critical components that manage tasks, memory, and peripheral access, ensuring system integrity and availability even if user space is compromised. This architecture also enables QNX to implement unique fine-grained access controls through security policies, providing precise control over process privileges. This approach, combined with comprehensive cybersecurity capabilities like encryption, spatial separation, and networking security mechanisms, ensures that QNX solutions offer unparalleled protection for embedded environments. QNX extends these benefits into secure virtual machine execution with the QNX® Hypervisor.
Cybersecurity Ecosystem and Professional Services
QNX collaborates with partners to offer additional cybersecurity solutions, enhancing and extending the cybersecurity of embedded systems built on a QNX foundation. For example, QNX has partnered with Bosch ETAS for their automotive firewall and host-based intrusion detection technology, allowing automakers and their suppliers to implement continuous security monitoring to meet UN-R 155.
Beyond product offerings, QNX cybersecurity experts offer professional services to address various cybersecurity needs throughout your product lifecycle, ensuring the safety of your product and end users.
Talk to Us
Secure your critical embedded systems with QNX expertise and a robust cybersecurity framework. Contact us today to ensure protection against future cyber threats.
Related Products
Resources
FAQ
What cybersecurity certifications has QNX obtained?
QNX meets industry security standards, including ISO/SAE 21434, TISAX, and ISO/IEC 27001, ensuring adherence to best-in-class cybersecurity practices.
Is the QNX OS inherently secure?
QNX products are designed with cybersecurity at their core. The microkernel architecture of the QNX operating system limits its attack surface, making it inherently more secure. This architecture, combined with advanced security features including access control, encryption, QNX Trusted Disk, ensures that QNX software provides robust protection against cyber threats. The innovative QNX OS is an RTOS with a microkernel architecture that significantly reduces its attack surface. Its design and dedicated cybersecurity features allow it to defend and protect against a wide variety of attacks.
What about the QNX Hypervisor?
The QNX Hypervisor is built as an extension of the QNX OS microkernel. As such, it inherits the cybersecurity features of the microkernel itself as well as the secure execution environment created by the microkernel. In addition, the hypervisor has additional layers that are purpose-built for secure virtual machine operation.
Learn MoreWhat significance does the ISO 21434 have for companies working with the automotive industry?
Essentially, ISO 21434 encompasses the entire lifecycle of automotive products, from initial concept to decommissioning. It provides guidelines on how to identify and mitigate cybersecurity risks, enabling every component and system within a vehicle is safeguarded against potential threats. By embracing the standard, QNX has enhanced all aspects of its development lifecycle for cybersecurity, from performing threat analysis, risk assessment and static code analysis, to doing cybersecurity-related testing, improving on its vulnerability handling capacities, and more.
How are safety and cybersecurity related for products built on a QNX foundation?
In automotive, for example, ISO 21434, the automotive cybersecurity standard, and ISO 26262, the functional safety standard for the development of electrical and electronic systems in road vehicles, have complementary goals, as there’s no safety without cybersecurity. The two standards emphasize the importance of integrating their respective criteria into the overall engineering process, and both cover the lifecycle of a product from concept to maintenance to decommissioning. By achieving this new cybersecurity certification, QNX adds a new layer of protection for automakers, building on existing ISO 26262 ASIL D certification for QNX OS for Safety and QNX Hypervisor for Safety, and has proven its dedication to maintaining both stringent cybersecurity and safety standards throughout the product lifecycle.