“Schneider Electric sees cybersecurity as a fundamental and cross-sectoral topic. It involves all our products, from sensors and medium-voltage circuit breakers to our EcoStruxure gangways,"
highlighted Nathalie Feyt, Product Security VP of the Energy Management Branch at Schneider Electric.
“First, this is about ensuring the integrity and authenticity of software that is embedded in our products, as they are often used in critical environments. We also place great value in cyber resilience. If a product is attacked, there must not be any consequences on the safety of people, or on the business continuity of our clients.“
To reinforce the security of its hardware components and embedded systems, Schneider Electric is supported by high-level partnerships. Since 2019, the industrial leader has been collaborating with CEA-Leti, recognized for its expertise in this field, including for the past 25 years via its ANSSI approved Centre d'Évaluation de la Sécurité des Technologies de l'Information (CESTI, French Center for the Assessment of Information Technology and Security). This proficiency complements Schneider Electric's experience in secure coding and in the assessment of embedded product security.
Cybersecurity throughout the lifecycle of products
Following initial joint works, the partners rapidly decided to structure and consolidate their collaboration. In 2020, they came together as a joint laboratory dedicated to the cybersecurity of industrial equipment.
“Our goal is to cover the entire lifecycle of products,"
added Marion Andrillat, head of industrial cybersecurity partnerships at CEA-Leti.
“First, continuing with our secure by design approach, protection measures must be defined from the design stage, in accordance with both regulatory requirements and standards, depending on needs and use cases. The robustness of built-in security measures is then tested and qualified. Furthermore, the challenge involves detecting and countering attacks while a product is in use, before implementing cyber resilience mechanisms."
The joint laboratory, which was first renewed in 2022 for three years, has led to developing cutting-edge tools, such as a test bench specific to vulnerabilities in wireless protocols. The partners also studied mechanisms for detecting attacks in embedded systems that rely on AI. Since it is hard to predict the features of future attacks, it is more appropriate to detect any kind of anomalous behavior in a system. Thus, an AI model can learn a system's nominal functioning and issue an alert if there are deviations, as these can signal an attack.
Another extension to explore new cybersecurity challenges
This rich collaboration is not about to end; late 2025, Schneider Electric and CEA announced that they were prolonging their joint laboratory operations for a further three years.
“There is still so much to develop in cybersecurity," noted Nathalie Feyt. “We first want to continue previous joint research and scale it, by integrating it more into our design practices. We would like to continue exploring topics such as post-quantum cryptography or how to secure communications in industrial communicating objects (IoT)."
“We must also take into account regulatory evolutions, such as the Cyber Resilience Act, which will enter into force in December 2027",
added Marion Andrillat.
“This will oblige manufacturers to take into consideration known vulnerabilities in products fitted with digital components. The joint laboratory will therefore help Schneider Electric best prepare for this new compliance requirement."
Whether it's post-quantum cryptography, new regulations, embedded AI, or optimizing the management of vulnerabilities, these topics will continue to mobilize the two partners for at least three more years.