Enhanced security for a connected world
Burgeoning data volumes and growing networking are crying out for secure solutions
In the age of Industry 4.0 and digitalisation, cybersecurity tops the agenda of business companies. Cyber attacks are now deemed the biggest commercial risk for companies worldwide.
For the EU, the Network and Information Security Directive (NIS Directive) sets out the common security standard for its member states. In a bid to tackle the technical challenges that lie ahead, the EU is currently working to enhance the already high level of cybersecurity.
While the Security Directive NIS 2 has been in place since January 2023, it requires to be transposed into national law by October 2024. NIS 2 represents a significant increase in the requirements that operators and member states are obliged to fulfil. A key focus lies in broadening the scope to embrace additional sectors within the field of critical infrastructure, such as the charging infrastructure for e-mobility. It calls for an EU-wide coordinated risk assessment of particularly critical supply chains. This places the focus on the production process in many sectors of manufacturing.
Manufacturing sectors concerned are those that produce
- Vehicles and vehicle parts (automotive industry)
- Medical products
- Data processing equipment
- Electronic and optical products
- Mechanical engineering products
- Chemical substances
Reliable protection against cyber attacks
Digital, connected manufacturing and cybersecurity are now meeting face to face at a whole new level of security. The market is calling for secure products which are well armed to fend off hacker attacks and for solutions that come with some form of proof of security, such as a security certification in line with IEC 62443.
These new regulations for connected products and solutions will contribute decisively in future to enhancing cybersecurity in connected manufacturing and critical infrastructures.
For this purpose, achelos offers a comprehensive portfolio of security engineering services and customised key management solutions for industrial cybersecurity.
As a rule, cybersecurity is closely linked to the concept of information technology (IT). Another important field of Industry 4.0 cybersecurity encompasses manufacturing facilities and production processes. The key focus here is on connected industrial control systems (ICS) and operational technology (OT).
The expansion in the scope of the EU Network and Information Security Directive (NIS 2.0) calls for action. Manufacturers of components and plant and machinery are seeking solutions and are looking to significantly enhance cybersecurity.
Challenges for manufacturers:
- Level 3 Security Protection
Protecting ICS from attacks by professional hackers must be guaranteed. This is assured by the use of hardware-based security modules. Embedded Secure Elements (eSE) and Trusted Platform Modules (TMP) are used in connected equipment to adequately protect secret cryptographic keys.
- High-level Certificates
Providers need high-quality electronic certificates to prove the authenticity of their hardware and software products.
Electronic certificates are provided with a public key infrastructure for this purpose. Setup and operation are generally carried out by the component manufacturer or by the plant and machinery manufacturer. This key management system must be auditable to guarantee the quality of the electronic certificates.
Advanced Driver Assistance Systems (ADAS) and Autonomous Driving (AD) are key growth areas in the automotive industry. Direct vehicle-to-vehicle communication or communication with the infrastructure – generally also referred to as V2X – is transforming the vehicle itself. This is turning it into a mobile IT data centre with embedded control units (ECU), sensors, monitoring systems, infotainment systems and wireless communication modules.
The binding EU Security Directive sets out the legal framework for connected transport in Europe. This means that there is now no way around cybersecurity and that security certification in line with common criteria is mandatory in future for particularly critical building blocks of V2X architecture.
Many of the new communication interfaces in connected vehicles considerably widen the scope for attacks by hackers. In view of this, UNECE 29 has developed two important UN regulations on cybersecurity (UNECE 155) and software update management (UNECE 156). From July 2022, these regulations are mandatory for all new vehicle type registrations and from July 2024 for all vehicle type registrations.
They prescribe the installation of a cybersecurity management system (CSMS) for every vehicle type. This allows vehicle manufacturers and their suppliers to ensure not only the functional safety of their products but also their cybersecurity.
We would be pleased to be a competent cybersecurity partner for you in the industrial sector.
Our solutions in the field of Industry 4.0 and cybersecurity
Any questions? Your contact person for queries in this field is:
achelos expertise and solutions in use:
All referencesSetting up company-wide public key infrastructure (PKI)
Learn moreSuccessful migration to Keyfactor EJBCA Software Appliance and SignServer Software Appliance
Learn more