In today's era of the Internet of Things, smart devices, and the smart industry, virtually everything is connected to the internet or local networks. The control of equipment, vehicles, machines, and installations now increasingly happens directly via the cloud. Securing connected devices has become of vital importance to ensure the safety of consumers and of critical infrastructures.
Developments and regulations
The first cyber security regulations in Europe and North America are already coming into force. The European Commission had adopted a number of measures to ward off cyber incidents. The Network Information Security (NIS) Directive, aimed at protecting the European critical infrastructure, will come into force mid 2018. That is also when the NIST Cyber Security Framework, for the protection of critical infrastructure in the US, will become mandatory.
Compliance with regulations and directives is best shown by adhering to internationally accepted security standards, such as ISO 27001 (Information Security Management) and standards addressing security requirements for devices and networks, such as the IEC 62443 series of standards for industrial systems with communications networks. New emerging regulations, such as the EU "Cyber Security Act" or the US "Securing IoT Act" may well require any connected device to comply with a set of technical requirements to ensure a high level of protections against cyber attacks.
Assessing and testing the security of your products and processes
DEKRA believes in safety in every aspect of life. We offer the knowledge to ensure safety and security related to product, systems, and processes. Together with various organizations, we participate in IEC standardization committees to work on the development of basic security standards and inclusion of security requirements into product standards. Our experts have profound knowledge of and experience with the latest developments in cyber security. They are ready to give you the best possible support on your challenges.
We approach cyber security from three different angles, leading to a comprehensive approach that addresses all the relevant aspects.
Cyber security is highly important on an organizational level. Ensuring the correct procedures and processes to guarantee security are in place offers great value to you and your stakeholders. We assess whether you comply with the requirements from the well recognized information security standard ISO 27001.
Next to organizational security, product security is equally important. IEC 62443 is the first standard on an international level which addresses functional security requirements for industrial automation devices. However, these standards are not only applicable to the industrial automation industry, but to virtually every other industry as well.
Finally, the importance of human behavior and safety thinking completes this comprehensive approach.
Certifying cyber security
Today's and tomorrow's consumers, operators of critical infrastructure, and regulators expect secure and trusted communication devices. Third party certification against security standards provides independent proof that your processes and products comply with stringent security requirements or standards. Certification provides your stakeholders with the confidence that you have been tested and approved by a third party. It opens doors for you in many markets around the world.
Achilles Communication Certification
DEKRA can provide you with Achilles Communication Certification (ACC) from GE Digital. Achilles Communication Certification is the industry leading benchmark for communication robustness and highly recognized in particular in North America for operational technologies used in critical infrastructure.
IECEE CB Cyber Security certification
DEKRA has been recognized by the IECEE, the global certification scheme for testing, assessment, and certification, against the IEC 62443 series of standards. CB certification provides confidence to your stakeholders that products, processes, and solutions comply with strict foundational security requirements outlined in IEC 62443. CB certificates are accepted worldwide as proof of compliance with international standards and provide trust that your processes and products comply with stringent security requirements or standards.
Epoche & Espri
Recently, DEKRA acquired cyber security specialist Epoche & Espri, which serves reputable and international ICT market leaders with amongst others "Common Criteria" (CC) evaluations. For more information about Epoche & Espri, please go to www.epoche.es