A lock in a dark environment. The lock is surrounded by blue PCB-like lines.
empowering communication

The Cyber Resilience Act is coming: Get your necessary certifications!

The networking of IT and OT - from field level to the cloud - offers both major advantages and risks for the security of automated production systems. The German Federal Office for Information Security (BSI), for example, registers around 70 new vulnerabilities every day. But what about national and international legislation and standards that are intended to structurally increase security in the future? In this article, you can find out what companies need to look out for and where they can get additional input from experts such as the industrial communication specialist Hilscher.

Cyber Resilience Act and IEC 62443

In order to strategically strengthen and structurally anchor cyber security in Europe, the EU Commission proposed the Cyber Resilience Act (CRA) in 2022, a regulation to improve cyber security and cyber resilience in the European Union. It includes security standards for software and hardware products with digital elements. It is expected to come into force across Europe in July 2024. This also marks the start of the implementation period of up to three years, which can be a major challenge for many companies.
The IEC 62443 ("Industrial communication networks - IT security for networks and systems") a series of standards, is highly relevant for compliance with the CRA  and already covers a large part of the CRA’s requirements. The four sections of the standard describe all relevant security aspects of control and automation systems - from development and operation to maintenance through updates.

NIS-2 and  ISO 27001

Another relevant standard is the internationally applicable ISO 27001, which defines the requirements for information security management systems (ISMS) to ensure that companies deal with the topic of information security holistically and structurally rather than just taking selective measures.

ISO 27001 is relevant in part for the CRA and to a large extent for compliance with the NIS-2 directive, which regulates the cyber and information security of companies and institutions. In contrast to the CRA, however, NIS-2 does not have to be transposed into national law by the various member states until October 2024, which in Germany will be the NIS-2 Implementation and Cyber Security Strengthening Act (NIS-2UmsuCG) drawn up by the Federal Office for Information Security (BSI).

Your products and solutions are affected by the CRA?

Applying new standards to existing products and processes can be very complex for companies. If a particularly sensitive issue such as cyber security further complicates matters, things quickly become critical. As a leading manufacturer of hardware and software solutions in the field of industrial communication, Hilscher Gesellschaft für Systemautomation mbH plays a key role in industrial automation. Robust cybersecurity and compliance with regulatory requirements therefore are pivotal for the industrial communication specialist from Hattersheim near Frankfurt am Main.
Together with the German TÜV Rheinland as certifier and the consultant TÜV iSec Rheinland, Hilscher is in the midst of implementing the CRA and already has extensive know-how regarding the time constraints and practical implications of relevant certification processes. And users from industry can benefit from this.

A tray of embedded modules with a netX chip onboard in a production machine. A red gleam is seen in the background. A small golden needle for testing comes from the top pointing at the tray.
Get in touch with us, we are glad to help you:
A man in a black suit and white shirt is smiling into the camera. He wears glasses and has grey hair. The environment is very bright.
Frank Behnke
Rheinstrasse 15
65795
Hattersheim
Hesse
Germany
A lock in a dark environment. The lock is surrounded by blue PCB-like lines.

当社のnetX通信コントローラとセキュア・プロトコル・ファームウェアでセキュアなデバイスとシステムを開発します。お客様は、IEC 62443やサイバー・レジリエンス法などの規格の要件を満たすように適切に設定できます。

ターンキー製品から高度に統合されたソリューションや補完的なソフトウェアまで、ヒルシャーは産業用通信におけるお客様のパートナーです。お客様の機械のネットワークをまったく新しいレベルに引き上げるために、当社がどのようなお手伝いができるか、その概要をご覧ください!