Cybersecurity Requirements for Connected Appliances

As the world becomes more interconnected, companies must address constantly changing global and local regulatory requirements while meeting market demands for faster innovation and increased safety, security and sustainability. As technology advances in appliances, related safety challenges increase.

Manufacturers aim to provide the safest possible products to the market, but what does safety mean today? In this context, safety refers to mitigating harm or other dangers. It can also refer to the control of recognized hazards as a way to achieve an acceptable level of risk.

Product safety addresses avoiding unacceptable risks to safety, such as fire hazards, electrical shock and personal injury. Functional safety, on the other hand, acts as a subsystem of product safety. Usually, such a subsystem refers to integrated appliance control, and it is in charge of the correct execution of the specific functions that reduce the risks to an acceptable level identified in the end use of a product.

When we talk about connected systems, we refer to cybersecurity as a combination of policies, technologies and procedures to help enhance confidentiality, integrity and availability. To be confident that appliances sold in the market are as safe as possible, we must consider product safety, functional safety and cybersecurity.

IEC 60335-1, Ed. 6, Annex U overview

The standards in the IEC 60335 series comprise a general part (IEC 60335-1) plus several other parts applicable to each specific type of appliance.

These standards help appliance manufacturers cope with the safety challenges mentioned above. They include a minimum set of safety requirements written by several IEC technical committees to help provide appliances with a tolerable residual safety risk.

IEC 60335-1 includes product safety requirements (Clauses 8 to 32), and Annex R includes functional safety requirements used to evaluate the software associated with the protective electronic control functions employed for product safety compliance.

Annex U, published in 2020, includes a set of cybersecurity requirements for preventing unauthorized access from impairing product safety and functional safety compliance. The requirements also help mitigate the effects of transmission failures via remote communication through public networks.

Annex U only applies to appliances that connect to public networks, either wired (such as a local area network (LAN)) or wireless (such as Bluetooth^®), while remote communication via public networks applies in multiple scenarios, including downloading software or transmitting data associated with:

• Software compliance in relation to Annex R, e.g., new software version for self-cleaning ovens.
• Compliance with Clauses 8 to 32 of IEC 60335-1, e.g., change washing machine cycle parameters.
• Parts of the software not related to the above cases but not partitioned/segregated from the above software parts.

Annex U does not apply in two specific cases:

• Evaluation of Clauses 8 to 32 of IEC 60335-1 reveals that compliance with the standard is software-independent.
• Remote communication through public networks is solely for transmitting data-driven messages or push remote monitoring.

In addition, Annex U does not cover aspects concerning the confidentiality of data and consumer privacy.

Directives and standards more relevant for this purpose for appliances and consumer products include Article 3.3 of the Radio Equipment Directive (RED) 2014/53/EU and ETSI 303 645.

Focus on Annex U requirements

Software within appliance products shall implement all the necessary measures to control fault/error conditions related to remote communication as required in Annex U, including protection of safety-relevant data, integrity against corruption and wrong or incomplete communication. Annex U does not limit communication protocols/technologies used by appliances to establish remote communication. However, the selected security protocol implemented to fulfill Annex U requirements shall be verified and validated as required by IEC 60335-1.

Software modularity is required to keep the parts involved in the public network communication segregated from the rest of the software.

The safe operation of an appliance shall not depend on remote communication. Local user interface functions shall always have priority over remote communication. In case remote communication is used, it shall include proper access control functions, such as:

• Identification – A unique identifier shall be provided for users and/or devices.
• Authentication – The process of verifying the user’s or device’s identity.
• Authorization – After completing identification and authentication, the user or device shall be authorized to enable remote communication.

Cryptographic techniques shall be used during authentication and after authorization to implement fundamental security properties.

Modern techniques are founded on protocols based on symmetric, asymmetric or hybrid keys. Currently, there is no list of acceptable cryptographic techniques in Annex U; there is a need to adopt a globally accepted cryptographic algorithm where no hacking/vulnerabilities have yet been discovered.

UL Solutions can support appliance manufacturers with any directive and regulation applicable to appliance products, including safety certification; cybersecurity; electromagnetic compatibility (EMC); and wireless, interoperability and connectivity.

In the specific case of Annex U, we highly recommend that you involve UL Solutions experts in the early stages of the product development process. Considering safety and security requirements only at the last stages (implementation) increases the risk of requiring rework that can impact feasibility, costs and time to market.

The UL Solutions Design Partnership portfolio supports manufacturers during the design stages, helping them understand compliance requirements and deliver their products to market faster.