
The Cyber Resilience Act is coming: Get your necessary certifications!

The networking of IT and OT - from field level to the cloud - offers both major advantages and risks for the security of automated production systems. The German Federal Office for Information Security (BSI), for example, registers around 70 new vulnerabilities every day. But what about national and international legislation and standards that are intended to structurally increase security in the future? In this article, you can find out what companies need to look out for and where they can get additional input from experts such as the industrial communication specialist Hilscher.

Cyber Resilience Act and IEC 62443

In order to strategically strengthen and structurally anchor cyber security in Europe, the EU Commission proposed the Cyber Resilience Act (CRA) in 2022, a regulation to improve cyber security and cyber resilience in the European Union. It includes security standards for software and hardware products with digital elements. It is expected to come into force across Europe in July 2024. This also marks the start of the implementation period of up to three years, which can be a major challenge for many companies.
The IEC 62443 series of standards ("Industrial communication networks - IT security for networks and systems") is highly relevant for compliance with the CRA and already covers a large part of the CRA’s requirements. The four sections of the standard describe all relevant security aspects of control and automation systems - from development and operation to maintenance through updates.

NIS-2 and ISO 27001

Another relevant standard is the internationally applicable ISO 27001, which defines the requirements for information security management systems (ISMS) to ensure that companies deal with the topic of information security holistically and structurally rather than just taking selective measures.

ISO 27001 is relevant in part for the CRA and to a large extent for compliance with the NIS-2 directive, which regulates the cyber and information security of companies and institutions. In contrast to the CRA, however, NIS-2 does not have to be transposed into national law by the various member states until October 2024; in Germany, this will be done through the NIS-2 Implementation and Cyber Security Strengthening Act (NIS-2UmsuCG), drawn up by the German Federal Office for Information Security (BSI).

Are your products and solutions affected by the CRA?

Applying new standards to existing products and processes can be very complex for companies. If a particularly sensitive issue such as cyber security further complicates matters, things quickly become critical. As a leading manufacturer of hardware and software solutions in the field of industrial communication, Hilscher Gesellschaft für Systemautomation mbH plays a key role in industrial automation. Robust cybersecurity and compliance with regulatory requirements are therefore pivotal for the industrial communication specialist from Hattersheim near Frankfurt am Main.
Together with the German TÜV Rheinland as certifier and the consultant TÜV iSec Rheinland, Hilscher is in the midst of implementing the CRA and already has extensive know-how regarding the time constraints and practical implications of relevant certification processes. And users from industry can benefit from this.

Get in touch with us, we are glad to help you:
Frank Behnke
Head of Product and Information Security / Product & Cyber Security

Get in touch for further information about the Cyber Resilience Act and other industrial cyber security standards!

Develop secure devices and systems with our netX communication controllers and our secure protocol firmware. You are thus ideally equipped to meet the requirements of standards such as IEC 62443 or the Cyber Resilience Act.

From turn-key products to highly integrated solutions and complementary software, Hilscher is your partner for industrial communication. Get an overview of how we can help you take the networking of your machines to a whole new level!