New Firmware Monitoring Tool Targets Cyber Resilience Act
Automated digital twin technology provides continuous security analysis for connected devices throughout the entire product lifecycle.
- By Jesse Jacobs
- Apr 30, 2026
Software vulnerabilities within connected devices are facing increased scrutiny as manufacturers prepare for new regulatory requirements. ONEKEY has launched a continuous firmware monitoring system designed to help manufacturers comply with the European Union’s Cyber Resilience Act (CRA).
The technology utilizes digital twins—virtual representations of device firmware—to conduct automated security scans without requiring access to physical hardware or source code. While traditional security reviews are often conducted once during development, this platform reanalyzes firmware daily to identify emerging risks.
The system functions by creating a structured Software Bill of Materials (SBOM), which maps every component and third-party library within a device. This inventory is then cross-referenced against global vulnerability databases. If a new flaw is discovered in an open-source component, the system automatically alerts the manufacturer if their products are affected.
Firmware, the permanent software programmed into a device's hardware, represents a significant attack surface for industrial control systems, medical devices and automotive components. Because these systems often rely on a complex web of external software libraries, a single vulnerability in a sub-component can compromise the entire machine.
The platform also includes automated risk assessment to help Product Security Incident Response Teams (PSIRTs) prioritize threats. By analyzing the exploitability of a vulnerability and its potential impact on system functions, the tool provides a targeted list of issues for remediation.
The shift toward continuous monitoring marks a change in strategy for the industry. Under the CRA, manufacturers must maintain security standards from the initial design phase through the end of a product’s operational life.