04/22/2025 | Press release | Distributed by Public on 04/22/2025 06:52
April 22, 2025 by Qt Group
Director, Industry
Director, Solutions Engineering, EMEA
Senior Technical Product Lead, Quality Assurance
Modern industrial environments are evolving, with connected IoT devices and integrated systems that drive operations, exposing traditionally isolated processes to new risks. To shield against increasingly sophisticated cyber threats, regulations like the Cyber Resilience Act (CRA) are being introduced, giving pause to manufacturers and software vendors since non-compliance carries significant financial and reputational consequences.
In readiness, Qt Group has a comprehensive strategy that spans secure software design, sandboxed application management, and continuous code quality checks. This holistic approach ensures that security is maintained from design to deployment, safeguarding critical infrastructure against risks like ransomware, unauthorized access, and data exfiltration while aligning with strict regulatory requirements.
The EU's Cyber Resilience Act is mostly an economic issue. It can impose fines for non-compliance and for providing incorrect, incomplete, or misleading information.
One preventive solution is Qt Application Manager, which sandboxes applications and gives developers full control of applications in the stack to protect sensitive data. By isolating applications and binding them to specific hardware, the risk of external interference is minimized, which is critical for both desktop and embedded environments. The key benefits of this include:
Isolated environments: Prevents data leakage between apps.
Hardware binding: Ties containers to designated hardware, reducing exposure.
Lifecycle management: Enables secure deployment, updates, and monitoring.
Initially developed for automotive, Qt Application Manager now supports multiple industries, offering strategic advantages such as centralized control, multi-vendor system assurance, and scalability.
Qt Framework and tools span a full range of devices, including desktop, mobile, and embedded systems. For mobile platforms, we leverage standard mechanisms (e.g., Apple's and Google's certification protocols), adding layers of protection.
Default encryption tools such as TLS and X.509 certification ensure that all communications are securely encrypted.
Qt further minimizes risk by only including essential libraries and supporting static builds, reducing exposure to third-party vulnerabilities. This approach aligns with modern supply chain security practices by limiting dependency footprints.
Memory profiling: Tools like memcheck, wall client, and cppcheck in Qt Creator enable developers to track memory usage, detect leaks, and avoid buffer overflows.
Industrial device manufacturers increasingly rely on third-party suppliers, which raises supply chain cybersecurity risks when external vendors inadvertently introduce vulnerabilities across systems. However, with Qt Framework, for example, the need for numerous third-party integrations is significantly reduced. Unlike traditional HMI frameworks that assemble components from various suppliers, Qt Framework provides an all-encompassing solution, covering everything from middleware to low-level drivers, with every component quality checked out-of-the-box. By integrating continuous architecture and code quality checks across the entire stack, Qt Framework also ensures that every layer is rigorously verified, minimizing dependency on external vendors.
Qt Framework delivers enterprise-grade cybersecurity with built-in sandboxing, high-level encryption APIs, and regular security updates, keeping your applications secure and compliant throughout their entire lifecycle.
Supply chain risks remain significant as organizations rely on third-party components. Implementing a Software Bill of Materials (SBOM) provides a clear inventory of software components and versions, ensuring they are secure and up to date. This transparency bolsters overall risk management and software integrity.
Qt Group's product portfolio also includes comprehensive Quality Assurance solutions to enhance overall software quality and compliance. Our approach to secure software development goes beyond traditional methods. It combines thorough architectural verification with regular static analysis to detect issues such as violations, dead code, and other vulnerabilities while also generating detailed documentation that supports compliance and streamlines audits. With customizable rules accessible through a Python API, the Axivion system supports organizations working to meet standard and regulation requirements, including those related to industrial cybersecurity and GDPR data privacy.
Code coverage analysis: The Coco Code Coverage tool gives you visibility into your complete codebase and ensures that every line of code is tested.
Axivion Static Code Analysis: Provides comprehensive static analysis to catch codebase issues and violations early in the development cycle.
Axivion Software Architecture Verification: Automatically checks that your system's architecture aligns with the design and standard principles, preventing the creation of interfaces that could expose it to security and compliance risks.
We further maintain a strict alignment between design and implementation through continuous checks and Unified Modeling Language (UML) integration. This holistic strategy enhances code quality, bolsters security, and preserves the integrity of your production systems.
Selecting third-party software suppliers, whether commercial or open source, is a critical decision. Choosing a supplier with a well-maintained codebase and a robust vulnerability management strategy can enhance your product development rather than exposing you to additional supply chain risks.
Customers often combine Axivion Static Code Analysis and Architecture Verification with the API to implement custom checks and verifications that are designed based on their unique requirements and specifications. This embeds security throughout the development lifecycle, from isolated local tests to nightly builds and pre-release checks. Our software quality tools thus enhance compliance and security.
Modern industrial environments are no longer isolated islands but rather dynamic, interconnected ecosystems in which cybersecurity risks require forward-thinking strategies. The rise of IoT connectivity and evolving regulatory pressures, exemplified by the CRA, highlight the urgency for manufacturers and software vendors to reconsider their security approaches.
By utilizing Qt Group's comprehensive product portfolio, organizations can streamline operations, reduce vulnerabilities, and ensure compliance with regulatory standards. Explore our products today, try Qt online, or reach out to us to see how we can work together to create new, secure opportunities for your industrial operations.