A lock in a dark environment. The lock is surrounded by blue PCB-like lines.
empowering communication

The Cyber Resilience Act is coming: Get your necessary certifications!

The networking of IT and OT - from field level to the cloud - offers both major advantages and risks for the security of automated production systems. The German Federal Office for Information Security (BSI), for example, registers around 70 new vulnerabilities every day. But what about national and international legislation and standards that are intended to structurally increase security in the future? In this article, you can find out what companies need to look out for and where they can get additional input from experts such as the industrial communication specialist Hilscher.

Cyber Resilience Act and IEC 62443

In order to strategically strengthen and structurally anchor cyber security in Europe, the EU Commission proposed the Cyber Resilience Act (CRA) in 2022, a regulation to improve cyber security and cyber resilience in the European Union. It includes security standards for software and hardware products with digital elements. It is expected to come into force across Europe in July 2024. This also marks the start of the implementation period of up to three years, which can be a major challenge for many companies.
The IEC 62443 ("Industrial communication networks - IT security for networks and systems") a series of standards, is highly relevant for compliance with the CRA  and already covers a large part of the CRA’s requirements. The four sections of the standard describe all relevant security aspects of control and automation systems - from development and operation to maintenance through updates.

NIS-2 and  ISO 27001

Another relevant standard is the internationally applicable ISO 27001, which defines the requirements for information security management systems (ISMS) to ensure that companies deal with the topic of information security holistically and structurally rather than just taking selective measures.

ISO 27001 is relevant in part for the CRA and to a large extent for compliance with the NIS-2 directive, which regulates the cyber and information security of companies and institutions. In contrast to the CRA, however, NIS-2 does not have to be transposed into national law by the various member states until October 2024, which in Germany will be the NIS-2 Implementation and Cyber Security Strengthening Act (NIS-2UmsuCG) drawn up by the Federal Office for Information Security (BSI).

Your products and solutions are affected by the CRA?

Applying new standards to existing products and processes can be very complex for companies. If a particularly sensitive issue such as cyber security further complicates matters, things quickly become critical. As a leading manufacturer of hardware and software solutions in the field of industrial communication, Hilscher Gesellschaft für Systemautomation mbH plays a key role in industrial automation. Robust cybersecurity and compliance with regulatory requirements therefore are pivotal for the industrial communication specialist from Hattersheim near Frankfurt am Main.
Together with the German TÜV Rheinland as certifier and the consultant TÜV iSec Rheinland, Hilscher is in the midst of implementing the CRA and already has extensive know-how regarding the time constraints and practical implications of relevant certification processes. And users from industry can benefit from this.

A tray of embedded modules with a netX chip onboard in a production machine. A red gleam is seen in the background. A small golden needle for testing comes from the top pointing at the tray.
Get in touch with us, we are glad to help you:
A man in a black suit and white shirt is smiling into the camera. He wears glasses and has grey hair. The environment is very bright.
Frank Behnke
Rheinstrasse 15
65795
Hattersheim
Hesse
Germany
A lock in a dark environment. The lock is surrounded by blue PCB-like lines.

我们的 netX 通讯控件和安全协议固件帮助用户开发安全设备和系统。因此,您完全有能力满足 IEC 62443 或《网络弹性法案》等标准的要求。

从交钥匙产品到高度集成的解决方案和补充软件,赫优讯是您工业通讯的合作伙伴。了解我们如何帮助您将您的机器联网提升到一个全新的水平!