• German Machine Tool Builders' Association
  • vdw@vdw.de
  • +49 69 756081-0

VDW position paper on the EU’s Cyber Security Act (CRA).

The VDW has published a position paper on the introduction of the CRA. On the one hand, this important legislation ensures fair conditions for the use of software and ‘products with digital elements’, which is appreciated. However, the timeframe for implementing the CRA is viewed very critically. Machine tools themselves fall under the CRA regulations. At the same time, they integrate many complex subsystems and components to which the CRA also applies. Due to the complex supply chains and typically long lead times for subcontracts and orders in project-based business, there is a real danger that machine tool manufacturers will ultimately have insufficient time to make their products compliant. In the worst case, a sales ban could have existential consequences, especially for SMEs.
The VDW therefore urges politicians and legislators to:
  1. Introduce the CRA in at least two tiers.
  2. Provide machine tool manufacturers, as integrators of complex systems, with an extended timeline until the CRA is to be fully implemented.
  3. Consistently apply the CRA’s risk-based approach and correspondingly reduce requirements for simple and non-critical components and products, which are typically installed and used in machine tools.
 
The full text of the position paper is available here.
Contact: Dr. Alexander Broos, Director Research and Technology, a.broos@vdw.de

VDW Product Security Working Group

In the Product Security Working Group, our member companies address the challenges posed by cybersecurity in manufacturing in general, as well as the various regulations and customer requirements for machine tools as a product in particular.
 
Topics include:
  • Risk and threat analysis
  • Software Bill of Materials (SBOM)
  • Asset management over the life cycle
  • Exchange with system/control suppliers
  • Software updates (methods/tools)
  • User management
 
Contact: Götz Görisch, Expert for Digitization and Product Security, g.goerisch@vdw.de

 

Security of Machine Tools

The digital transformation of manufacturing, especially of machine tools and plants, is steadily advancing. Control components that were previously operated as stand-alone solutions are being networked company-wide or directly connected to each other via the internet and interact with software services in the cloud. This creates so-called cyber-physical systems.

These systems are increasingly being targeted by hackers, as they are often very easy targets for cyber attacks. Malware (such as “Mirai”, “Hajime”, “WannaCry” or “Petya”) enables attackers to quickly and significantly impair the availability of plants and machines; production processes come to a standstill, resulting in economic losses costing millions. In addition to the extorted payments, companies often also suffer great damage to their image.

The operator himself can make an initial and important contribution to secure machine operation. Information on and suggestions for this have already been presented elsewhere [1]. In order to be able to adequately combat threats, plant and machine manufacturers will also have to attach much more importance to security in the future – both in the construction of the machines and in their operation. “Security by design” is a method that has been successfully applied in software development for many years. Transferred to machine and plant construction, it is applied in the international standard IEC 62443.

 

[1]  IT-Security in Machine Tools – end user guideline

Security for Machine tools – manufacturers guideline