Autor: Alexander Lawall

Functional safety (safety) and cyber security (security) are key aspects of modern industry and technology. Safety aims to minimize risks posed by system malfunctions. This includes measures to protect people and the environment from failures and errors within systems. Security focuses on protecting systems and networks from digital attacks. The primary security objectives include ensuring confidentiality, integrity, and availability. A joint consideration of safety and security is essential for the future of the process industry, as both the physical safety and digital integrity of modern systems must be ensured. In industrial practice, this creates a field of tension: measures to enhance security can negatively impact safety and vice versa. This article analyzes relevant standards and regulations, presents key approaches for the integrated consideration of safety and security, and highlights areas of further research.

Interoperable automation can benefit cybersecurity certification processes that result from the EU Cybersecurity Act (e.g. EUCS) so that they represent less overhead for the stakeholders involved. The development of key standardization efforts involving relevant stakeholders (e.g. regulators) is needed to fully realize these benefits. EU projects like H2020 MEDINA, HEU COBALT and communities such as EUROSCAL are well on the way to achieving this goal. However, more practical experience is needed to make continuous certification with automation a reality.

The number of successful cyber attacks on industrial manufacturing is constantly increasing due to the growth of digitalization and networking. IT security certifications are an effective means against these attacks and at the same time create confidence in and comparability of IT security about production and IT products. This article compares certification standards such as ISO/IEC 15408 - Common Criteria (CC) and specific standards for mobile communications (including NESAS CCS-GI), of GSM Association (GSMA) and 3rd Generation Partnership Project (3GPP), for testing depth and efficiency. (Only in German)