TTTech Industrial – a developer of industrial automation solutions and part of the TTTech Group – is one of the first companies in Austria to achieve the IEC 62443-4-1 certification.
IEC 62443-4-1 is an international cybersecurity certification for the industrial sector which defines the requirements and framework for secure product development and lifecycles. The company’s product development processes were certified by TÜV Austria, an international testing and certification company.
Receiving this certification not only helps to ensure the security of TTTech Industrial’s various technologies but also provides a prerequisite for certifying its Nerve IIoT (Industrial Internet of Things) platform according to the IEC 62443-4-2 substandard covering IT security in industrial automation systems.
According to TTTech Industrial, Nerve – a cloud-managed edge computing solution – already includes many cybersecurity features. These are being monitored and updated according to IEC 62443-4-1 and include securing all connections to the product’s Nerve Management System as well as role-based access control to ensure secure access to data for different users and services.
“Industrial systems are used by different companies along the supply chain that need access to various kinds of data and services for various purposes. Our IIoT platform Nerve is at the center of this by allowing customers to collect, manage, and analyze their machine data from everywhere in the world,” said Thomas Berndorfer, Member of the Executive Board at TTTech Industrial, in the company’s press release announcing its recent certification. “We regularly review Nerve’s cybersecurity features, and we continuously monitor potential security threats, so we can provide patches if needed, and improve our solutions' security level. The IEC 62443-4-1 certification is the first step towards the product certification of Nerve in 2024.”
Why Cybersecurity Certification Matters
Cybersecurity has become an increasingly important topic as more systems and machines become connected and digitalized. Ensuring a safe connection means there will be no issues with performance and that collected data is only shared with the appropriate entities. This helps to prevent disruptions to production as well as compromises to IP, safety or supply chains for machine builders, suppliers and end- use customers.
“Connectivity and digitalization are vital for optimizing production and increasing efficiency, but they can also increase the risk for cyberattacks. We are committed to playing an active part in our customers’ efforts to increase cybersecurity on their shopfloor,” said Herbert Hufnagl, General Manager and Member of the Executive Board at TTTech Industrial, in the company’s press release.
Given the importance of cybersecurity, the European Union (EU) is one of many governmental and organizational bodies developing regulations and standards related to cybersecurity, with the IEC 62443-4-1 being one example.
In January 2023, the EU put the NIS2 Directive in place which aims to provide legal measures for enhancing cybersecurity in member states. Through this directive, the EU strives to ensure:
- Member States are prepared for cybersecurity attacks by requiring them to be appropriately equipped to address them,
- cooperation among all Member States through a group established to support and facilitate information exchange and strategic copperation, and
- a culture of security across sectors vital to the economy and society such as energy, transport, water, banking, digital infrastructure and others.
The EU is also currently considering the Cyber Resilience Act (CRA) for products with digital elements. Its goal is to enhance the cybersecurity of hardware and software products introduced into the market. To achieve this, four key objectives have been set:
- ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
- ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
- enhance the transparency of security properties of products with digital elements, and
- enable businesses and consumers to use products with digital elements securely.
By implementing various regulations and standards such as these, manufacturers and the broader public can be better protected from cybersecurity threats.