In order to increase and standardize the level of digital security in Europe, the European Parliament has launched the Cyber Resilience Act (CRA). The aim is to protect interconnected products from manipulation. Manufacturers of industrial automation components, such as those used in mobile machinery, must also meet the requirements of the CRA.
The EU Parliament passed the Cyber Resilience Act (CRA) in mid-March. The Council brought the directive into force in summer 2024. From this date, manufacturers of relevant products have three years to implement the necessary security requirements. The new EU regulations are intended to protect consumers from the cybersecurity risks associated with the use of smart devices. According to the EU factsheet on the CRA, a ransomware attack occurs every 11 seconds around the world - and in 2021, this caused global economic damage of 20 billion euros. All manufacturers of products affected by the CRA are responsible for their cybersecurity throughout their entire lifecycle and must ensure that any security gaps are closed. At the same time, any vulnerabilities discovered must be documented and reported.
The CRA covers all products and devices with “a digital component”, as the EU calls it in the directive. This includes obvious devices such as smart watches, but also networked household appliances - or intelligent industrial automation components such as control systems or telematics units. The latter two are particularly in focus, as they generally have a large number of interfaces for networking, through which potential cyber attacks can succeed. The Cyber Resilience Act is therefore also highly relevant for manufacturers of these automation components.
For machine manufacturers as original equipment manufacturers of automation components, it is of the utmost importance that all their suppliers comply with the requirements of the CRA. This is because the fines for non-compliance are severe. Companies affected can expect fines of up to 15 million euros or 2.5 percent of their annual turnover.
The automation specialists at STW in Kaufbeuren recognized the dangers and potential consequences of cyber security attacks at an early stage and took appropriate countermeasures. This is because the manipulation of mobile machinery, on which STW components are primarily used, can quickly lead to dangerous situations or have considerable economic consequences, for example if a combine harvester breaks down during the crucial harvesting phase.
STW already uses appropriate intelligent mechanisms and tools to ensure that all potential security vulnerabilities are detected and eliminated on a daily basis and therefore already meets the requirements of the Cyber Resilience Act.
Manufacturers of mobile machinery who rely on STW control systems or telematics and communication modules such as the TCG-4 can therefore rest assured that they are on the safe side.