- Cybersecurity is a crucial topic for the industrial and energy sector and the EU is currently pushing regulatory initiatives related to cybersecurity.
- TTTech Industrial is among the first companies in Austria certified by TÜV Austria according to the industrial cybersecurity standard IEC 62443-4-1.
- TTTech Industrial’s IIoT platform Nerve already includes several cybersecurity features and certification according to IEC 62443-4-2 is planned for next year.
Vienna, Austria, September 28, 2023: Secure connectivity of machines and assets is integral to the digitalization in the industrial and energy sectors. As the EU steps up its initiatives to improve cybersecurity of assets with any digital interfaces or capabilities, the international standard IEC 62443 is going to be the most relevant and best suited standard to systematically address the necessary procedures and methods. TTTech Industrial is among the first companies in Austria to receive cybersecurity certification for its product development processes from TÜV Austria and is taking the next steps towards certifying its IIoT platform Nerve.
Cybersecurity in the industrial sector is a crucial topic for machine builders, suppliers, and end customers. Cyberattacks are on the rise and as industrial systems are increasingly interconnected and digitalized, companies need to ensure that their data is protected and that they can ward off attacks that might disrupt production, compromise IP, safety, or supply chains, and result in financial or reputational damage. The EU is therefore working on regulations related to cybersecurity for a range of industries. The NIS2 Directive, active since January 2023, provides legal measures to enhance cybersecurity in the member states, and the Cyber Resilience Act (CRA) for products with digital elements is currently under consideration.
TTTech Industrial considers cybersecurity a must-have, not only because of future legislation: “Connectivity and digitalization are vital for optimizing production and increasing efficiency, but they can also increase the risk for cyberattacks. We are committed to playing an active part in our customers’ efforts to increase cybersecurity on their shopfloor,” says Herbert Hufnagl, General Manager and Member of the Executive Board at TTTech Industrial.
TTTech Industrial was recently certified according to IEC 62443-4-1, as one of the first companies in Austria to have received this certification from TÜV Austria. IEC 62443 is an established cybersecurity certification for the industrial sector, with the substandard IEC 62443-4-1 defining the requirements and providing a framework for secure product development and lifecycles. This is a prerequisite for the certification of TTTech Industrial’s IIoT platform Nerve according to substandard IEC 62443-4-2, which covers IT security for industrial automation systems.
TTTech Industrial’s IIoT platform Nerve provides scalable, cloud-managed edge computing, hosted on Microsoft Azure in Germany and is therefore compliant with the EU’s General Data Protection Regulation (GDPR). However, it also supports offline operation for use cases where Internet connectivity is not available or required. Nerve includes cybersecurity features that are being monitored and upgraded according to IEC 62443-4-1. Among these are securing all connections to the Nerve Management System with TLS 1.2. and central update mechanisms for applications and firmware that allow a fast-threat response. The isolation of user applications through virtual machines (VMs) or Docker containers allows the safe use of legacy equipment or applications, and role-based access control is implemented to ensure secure access to data for different users and services.
Thomas Berndorfer, Member of the Executive Board at TTTech Industrial explains why IEC 62443 certification is important for TTTech Industrial: “Industrial systems are used by different companies along the supply chain that need access to various kinds of data and services for various purposes. Our IIoT platform Nerve is at the center of this by allowing customers to collect, manage, and analyze their machine data from everywhere in the world. We regularly review Nerve’s cybersecurity features, and we continuously monitor potential security threats, so we can provide patches if needed, and improve our solutions' security level. The IEC 62443-4-1 certification is the first step towards the product certification of Nerve in 2024.”
Images