In today’s increasingly connected world, security is more than just protecting data—it’s about safeguarding the systems we rely on every day. From aircraft and trains to cars and medical devices, embedded systems are at the core of our daily lives. With cyber threats evolving constantly, security must be integrated from the very beginning. That’s the philosophy driving SYSGO and their approach to secure embedded systems.

SYSGO is a leading provider of secure operating systems and software solutions for embedded systems, particularly in industries where safety and security are critical. Their flagship product, PikeOS, is a separation kernel operating system that enables robust isolation of applications at the kernel level, balancing both safety and security requirements. SYSGO also offers ELinOS, a Linux-based solution for secure embedded applications.

In this episode of the SYSGO TechCast, we dive into the importance of security-by-design, the company’s unique solutions, and how they help customers in highly regulated industries meet strict safety and security requirements.

Security as a foundational Principle

Security at SYSGO is not an afterthought—it’s integrated into every stage of the product lifecycle. From early threat modeling to secure development practices and ongoing vulnerability management, SYSGO ensures that security is built-in, not bolted on. This approach is particularly vital for customers in aerospace, automotive, rail, and medical industries, where compromised systems could have real-world consequences beyond data loss.

Key elements of SYSGO’s security strategy include:

• Secure by Design: Safety and security are embedded from the start of product development
• Lifecycle Security Management: Continuous monitoring, vulnerability management, and customer communication to maintain system integrity
• Regulatory Compliance: Solutions designed to meet strict industry standards. Example: ISO 26262 (automotive), ISO 21434 (automotive cybersecurity), and Common Criteria (ISO 15408)

Highlights of PikeOS and Security Features

SYSGO’s PikeOS is particularly noteworthy for its software architecture, which drastically reduces the attack surface. Key features include:

• Separation Kernel: Enables isolation of critical and non-critical applications on the same hardware
• Multiple Independent Levels of Security (MILS): Ensures mixed-criticality applications can coexist without compromising overall system integrity
• Trusted Platform Module (TPM) Support: Provides secure cryptographic capabilities for key storage, secure boot, and data confidentiality
• Certifiable Security: Evaluated against the highest levels of vulnerability analysis (AVA_VAN.5 in Common Criteria), ensuring resilience against known threats

This combination of features positions PikeOS as a secure-by-design platform capable of meeting demanding customer requirements while remaining flexible and adaptable to new regulatory frameworks.

Customer Benefits

SYSGO’s approach delivers tangible benefits to customers in regulated industries:

1. Proven Security and Reliability: PikeOS and ELinOS provide a foundation that meets both performance and security requirements
2. Simplified Compliance: Customers can more easily meet industry standards and upcoming regulations like the European Cyber Resilience Act (CRA), which requires demonstrating security throughout the product lifecycle
3. Flexible Security Solutions: Customers can implement secure boot, application isolation, and cryptographic protection based on project needs
4. Ongoing Support and Communication: SYSGO maintains proactive engagement with customers through security bulletins and guidance on vulnerabilities, ensuring systems remain secure over time
5. Reduced Development Overhead: Security-by-design reduces the need for costly retroactive fixes, accelerating time-to-market without compromising safety or security

Preparing for the Future

The upcoming Cyber Resilience Act (CRA) in Europe will require manufacturers to demonstrate security across the entire lifecycle of embedded products. SYSGO’s products and processes are already aligned with these expectations, giving customers a head start in achieving compliance without reengineering their systems.

Conclusion

Security in embedded systems is not optional—it’s essential. SYSGO’s philosophy of security-by-design ensures that critical systems remain safe and resilient, protecting both data and lives. By integrating security from the ground up, offering advanced features like PikeOS’s separation kernel, and maintaining close collaboration with customers, SYSGO enables industries to meet today’s stringent standards while preparing for tomorrow’s challenges.