Cyber security for machines and systems
Secure your machines and systems with expert knowledge
At a time when cyber threats are becoming increasingly complex, compliance with the latest security standards is crucial. Our Product Security Consulting supports mechanical engineering companies and plant operators in implementing the cyber security standards required by NIS2 and CRA - directly in their machines and plants.
Our services include:
- Analysis and evaluation: We analyze your current security measures and evaluate their compliance with the current NIS2 and CRA requirements.
- Implementation: We help you to implement the Product Security Standards as an elementary part of your product development strategy, purchasing strategy or plant audits.
- Training : Our team provides training to ensure that your staff fully understand and can correctly apply the new safety measures.
Our expertise
Our company has many years of experience in this specialized field. Our experts have extensive know-how in cyber security for machines and systems. This expertise enables us to develop customized solutions that not only comply with legal requirements, but also take your specific needs and challenges into account.
Concentrate on your process know-how - we take care of the safety of your machines and systems.
Let's work together to secure your products for the digital future. Contact us today for a consultation!
Protect your machines and systems
NIS2 and CRA
The Network and Information Security 2 (NIS2) Directive and the Cyber Resilience Act (CRA) are key pieces of EU legislation to improve cyber security in Europe. Here are some details on both:
NIS2 Directive
- Purpose: The NIS2 Directive aims to ensure a high common level of cybersecurity in the EU, especially for companies providing critical infrastructure or essential services.
- Area: It significantly extends the scope compared to the previous NIS Directive by covering more sectors and facilities. These include:
- Essential Entities: Companies in 11 sectors that are classified as critical (e.g. energy, transportation, healthcare).
- Important Entities: Companies in 7 other sectors (e.g. digital providers, utilities).
- Requirements:
- Risk management: Companies must implement proactive security measures, including risk assessment and management.
- Reporting obligations: Cybersecurity incidents must be reported immediately.
- Cooperation: Increased cooperation and exchange of information between member states and companies.
- Penalties: Non-compliance can lead to substantial fines, up to 10 million euros or 2% of annual worldwide turnover.
- Implementation: The NIS2 Directive came into force and had to be transposed into national law by October 17, 2024.
Cyber Resilience Act (CRA)
- Purpose: The CRA aims to improve the cybersecurity of products with digital elements that are launched on the EU market.
- Scope: The CRA applies to all products with digital elements, including hardware and software, that can establish a network connection.
- Requirements:
- Security by design: Products must be designed and manufactured securely from the outset.
- Conformity assessment: Manufacturers must prove the conformity of their products with the CRA requirements.
- Updates: Security updates must be made available over the entire life cycle of the product.
- Transparency: Increased transparency about the safety properties of the products.
- Penalties: Non-compliance can lead to penalties of up to 15 million euros or 2.5% of annual turnover.
- Implementation: The CRA is expected to come fully into force in the second half of 2024.
Both sets of rules are designed to strengthen cybersecurity in the EU, but they focus on different aspects:
- NIS2 focuses on the security measures of companies, especially in critical sectors.
- CRA focuses on the safety of the products themselves that come onto the market.
These regulations are part of a broader EU strategy on cybersecurity, which is also supported by other laws and directives.