Cybersecurity for connected solutions in industry and transport

Rapid increases in data volumes and increasing networking require secure solutions

Commercial enterprises are today in the process of implementing digitalisation and Industry 4.0, so cybersecurity is currently right at the top of their agenda. In fact, cyber attacks are now considered the most important business risk for companies worldwide.

In the EU, the Directive on security of network and information systems (NIS Directive) defines the common security standard of the member states. The EU is currently working on increasing the already high level of cybersecurity as a way of overcoming future technical challenges.

The planned Directive (NIS 2.0) will raise the bar significantly in terms of the requirements placed on operators and member states.

The focus is also on extending the range of sectors classed as critical infrastructure, such as the charging station infrastructure for e-mobility. The aim here is for particularly critical supply chains throughout the EU to be examined with a coordinated risk assessment. In many production areas, this is shifting the focus to manufacturing.

This affects production areas used in the manufacture of the following:

  • Vehicles and vehicle parts (automotive industry)
  • Medical devices
  • Data processing equipment
  • Electronic and optical products
  • Engineering products
  • Chemical substances

Security engineering and key management solutions for the ultimate in industrial cybersecurity

Digital, networked manufacturing and cybersecurity come together at a new security level. The market is demanding secure products and solutions that can reliably fend off hacker attacks and come with verified security, for example in the form of safety certification to IEC 62443.

The new provisions for networked products and solutions will in future make a key contribution to achieving greater cybersecurity in both networked manufacturing operations and critical infrastructures.

To this end, achelos offers an extensive portfolio of comprehensive security engineering services and individual key management solutions for industrial cybersecurity.



Reliable protection against cyber attacks

Automation industry

The term cybersecurity is generally closely associated with the field of information technology (IT). However, manufacturing systems and production processes represent another extremely important field of cybersecurity. The focus here is on networked industrial control systems (ICS), the operational technology (OT).

The extension of the EU Directive on security of network and information systems (NIS 2.0) will require action to be taken. Component manufacturers, as well as plant and machinery manufacturers, are therefore searching for solutions and are keen to significantly increase their cybersecurity.

Challenges for manufacturers:

  • Security Level 3 protection

    The ICS must be protected from professional hacker attacks. Hardware-based security modules are used here. Embedded Secure Elements (eSEs) and Trusted Platform Modules (TPMs) are used in networked devices to provide adequate protection for secret cryptographic keys.
  • High-grade certificates

    Providers require high-grade electronic certificates to demonstrate the authenticity of their hardware and software products.

Electronic certificates are made available via a public key infrastructure here, which is generally set up and operated by component or plant & machinery manufacturers. This key management system should also be auditable in order to guarantee the quality of the electronic certificates.

Customer Story

Read how Phoenix Contact, a global market leader in components, systems and solutions for electrical engineering, electronics and automation, has implemented the development of a company-wide, scalable and secure PKI!

Automotive industry

Advanced driver assistance systems (ADAS) and autonomous driving (AD) are important growth areas in the automotive industry. Direct communication between vehicles, or between vehicles and the infrastructure – generally referred to as V2X – is transforming the nature of transportation. The vehicles themselves then become mobile IT data centres with embedded control units (ECUs), sensors, monitoring systems, infotainment systems and wireless communication modules.

The EU's binding security directive sets out the legal framework conditions for networked transportation in Europe. In future, security certification to Common Criteria will be mandatory for particularly critical modules in the V2X architecture.

The fact that networked vehicles use many new communication interfaces significantly increases the scope of potential attack options for hackers. For this reason, the UNECE WP.29 World Forum has drafted two important UN regulations on cybersecurity (UNECE 155) and software update management (UNECE 156). These regulations will be obligatory for all new vehicle type approvals as of July 2022 and then for all vehicle type approvals as of July 2024.

Establishment of a cybersecurity management system (CSMS) is stipulated for each vehicle type. Alongside functional security, this will also help the vehicle manufacturers and their suppliers ensure the cybersecurity of their products.

Whitepaper

Learn more about how vehicle manufacturers can provide proof of mandatory cybersecurity according to UNECE 155 required for the approval of new vehicles. Read the joint whitepaper "Securing TLS-supported Ethernet Communication" from dSPACE and achelos.

Our portfolio for industrial cybersecurity

Security engineering for cybersecurity in vehicles

Efficient integration of cybersecurity in the vehicle development process

Common Criteria in the automotive environment

With its many years of experience in the development and evaluation of secure software, achelos boasts profound cryptographic expertise and specialist knowledge of embedded systems for every project phase. Having collaborated both with testing centres and manufacturers on Common Criteria evaluations for high-security products, we are a professional partner offering you precisely what you need. Our pool of experience saves a great deal of time and money, particularly when performing evaluations. High costs for subsequent revisions/amendments can then be avoided altogether.

TARA and security requirements engineering

Secure software starts with a risk assessment. Our security engineers support you when performing the threat analysis and risk assessment to ensure that security requirements can be specified efficiently for your product. Our security engineers plan and host security workshops as a way of identifying potential threats to the security of vehicle components and assessing their severity. The results of the workshops can then be used to derive security objectives and security requirements for ongoing project work.

Our security engineers accompany you throughout the entire development process. They examine security requirements, work with you to develop security architectures and are the central contacts for any product security-related issues and questions your team of developers may have.

Requirement engineering offers excellent methods for deriving testable security requirements. Our security engineers adopt this approach and then use an iterative process to develop robust security concepts and security architectures together with your specialists and system architects.

Relevant standards such as ISO 21434 are obviously also taken into account here.

Integration partner for high-security V2X applications

As integration partner, we support you in the implementation of cybersecurity and cryptographic functions in embedded Secure Elements (eSEs) and hardware security modules (HSMs) to enable ICS vehicle components to be toughened ready for product certification.

The security engineers at achelos have amassed many years of comprehensive expert knowledge and experience in the development of security-relevant applications, as well as operating systems for smartcards. This profound expertise in and around health insurance cards and bank cards has taught us how to work with extremely strict security standards.

As a manufacturer-independent consulting and software development house, we offer our customers a high degree of flexibility when integrating and developing products and solutions.

TLS Inspector | IKE/IPsec Inspector for automotive

TLS and IKE/IPsec test suites from achelos

As per UNECE 155, a vehicle must verify the authenticity and integrity of the messages it receives. Confidential data that is sent to or from the vehicle must also be protected to prevent unauthorised access. In IP-based communication channels, this is performed via TLS and IKE/IPsec. UNECE 155 has placed great emphasis on safeguarding cybersecurity. With the TLS Inspector and the IKE/IPsec Inspector, achelos offers vehicle and vehicle component manufacturers an automated testing tool.

Customers can use this for reliable, automated and repeatable testing of the cryptographic security of the communication channels used in their vehicles for conformity, known weaknesses and correct configuration.

Industrial key management solutions

Optimum key management solutions thanks to optimum consulting and first class products

achelos provides PKI solutions for high-grade electronic certificates to verify the authenticity of the hardware and software in ICS products. As a recognised IT security expert, we offer comprehensive services for establishing new or migrating existing public key infrastructures and key management systems. This starts with system planning and continues through system provision, all the way up to secure operation.

We observe relevant standards and "best practices" for the industrial sector, for which certification to IEC 62443 or ISO 27001 is sufficient. We work with you to design an optimum and individual PKI solution.

achelos provides support for integration into production and development processes with experienced and certified IT consultants. Our experts attend intensive training from the respective manufacturers on the products they use and constantly add to their knowledge and qualifications. As a customer, you benefit from a vast pool of experience resulting from successfully completed integration projects. Our team recognises and understands the key issues in any project and can overcome challenges thanks to extensive expertise.

achelos uses high-grade PKI products that have been proven worldwide, are security-tested and come with outstanding product features.

As a certified Keyfactor Partner, achelos for example provides PKI appliances and SignServer appliances, as well as the Identity Authority Manager from the same manufacturer.

We offer comprehensive support

The team of experts at achelos also supports customers in the operational phase with supplementary services. We offer targeted 1st and 2nd line support in both German and English, as we know the customer solution very well. If desired, we can perform this service on site or as a managed service, for example including PKI administration on the customer's behalf.

Security engineering for secure ICS products

Successful development of secure ICS products

Expert knowledge

achelos has many years of experience in the development and evaluation of secure software. Our team has profound cryptographic expertise and specialist knowledge of embedded systems for all project phases. Having worked on a large number of evaluation projects, we have supported both testing centres and manufacturers in evaluating high-security products to Common Criteria. Our business partners benefited from significant time and money savings here and were also able to avoid costs for subsequent modifications.

The team of experts at achelos provides you with professional and efficient support during the evaluation process.

TARA and security requirements engineering

Secure software starts with a risk assessment. Our security engineers support you when performing the threat analysis and risk assessment to ensure that security requirements can be specified efficiently for your product. We plan and host security workshops as a way of identifying potential threats to the security of ICS components and assessing their severity. Based on the results of the workshops, we then define security objectives and security requirements for ongoing project work.

Our security engineers accompany you throughout the entire development process. They examine security requirements, work with you to develop security architectures and are the central contacts for any product security-related issues and questions your team of developers may have.

Requirement engineering offers excellent methods for deriving testable security requirements. Our security engineers adopt this approach and then use an iterative process to develop robust security concepts and security architectures together with your specialists and system architects.

Relevant standards such as IEC 62443 and OPC-UA are obviously also taken into account here.

Integration partner for eSEs

As integration partner, we support you in the implementation of cybersecurity and cryptographic functions in embedded Secure Elements (eSEs) and hardware security modules (HSMs) to enable ICS components to be toughened ready for product certification.

The security engineers at achelos have amassed many years of comprehensive expert knowledge and experience in the development of security-relevant applications, as well as operating systems for smartcards. This profound expertise in and around health insurance cards and bank cards has taught us how to work with extremely strict security standards.

As a manufacturer-independent consulting and software development house, we offer our customers a high degree of flexibility when integrating and developing products and solutions.

 

We are happy to be your professional partner for cybersecurity in the industrial environment.

Michael Jahnich

Director Business Development

Phone: +49 5251 14212-378