— IT & Cyber Security

A risk recognized is a risk averted

Thanks to DEKRA and DEKRA DIGITAL, this is how holistic cyber security management can be achieved. In a digitalized economy where almost everything is networked, cyber attacks have the potential to significantly disrupt or completely paralyze companies’ processes. This not only poses the threat of substantial financial costs, for example, if business operations are interrupted, but also a loss of reputation among customers and partners if the necessary security measures have been neglected. Companies need to change their perspective here. Cyber security is not a one-time thing.

In February 2022, Andy Schweiger became Senior Vice President for the overarching issues of cyber security and functional safety at DEKRA. He is also responsible for the strategic further development of the DEKRA Cyber Security Hub, which is operated by DEKRA DIGITAL. The Hub is where we pool all DEKRA’s expertise and services, working for and with our customers to develop cyber security solutions focused on the protection and security of data, the network, products, and IT infrastructures and processes. In this interview, we discuss the current relevance of a holistic approach to security, the relationship between cyber security and cyber resilience, and the role of functional safety in the DEKRA Cyber Security Hub.

ANDY SCHWEIGER

SENIOR VICE PRESIDENT

Mr. Schweiger, you’ve been involved in cyber security for more than 20 years. What are currently the greatest risks caused by inadequate security measures in the cyber cosmos?

Universal and location-independent connectivity and emerging technologies such as AI and quantum computing make it impossible to distinguish between major and minor risks. Whether in the professional or private environment, there is always a blind spot that can function as an entry point for cyber attacks.

Nevertheless, some risks can be identified across industries. One of the greatest threats at present comes from ransomware. Organized criminal groups gain access to highly sensitive data of hospitals, public authorities or companies, encrypt it, and demand millions for its release. The human factor remains another entry point for cyber attacks. All too often, people are still using easy-to-crack passwords, or a careless click on a phishing mail can open the door to a serious hack.

There are many possibilities, which is why we at the DEKRA Cyber Security Hub repeatedly emphasize the relevance of a holistic security strategy. Companies especially must realize that it doesn’t actually matter whether they are attacked by cyber criminals, hackers or malicious insiders. It’s more a question of how they deal with an attack to ensure that as little damage as possible is done.

Can you provide more detail about how the DEKRA Cyber Security Hub can go about building a holistic security approach for companies?

DEKRA takes a holistic view of the topic of cyber security – as a cross-industry challenge, but with a sector-specific eye for new standards within the TIC sector. In order to proactively address the current and future challenges of digitalization and the associated cyber security issues so that we can offer our customers tailored services, we have pooled all our expertise in areas such as auditing, testing, consulting, training, and certification in the DEKRA Cyber Security Hub, and are working to add new competences as and when required by the level of digitalization and enabled by the framework conditions in the TIC sector.

Specifically, our holistic approach focuses on three things: people, products and processes. The compatibility of maximum quality requirements with our responsibility as a neutral expert organization is the yardstick we apply in identifying security gaps and developing a holistic approach that takes account of all entry points, while at the same time raising awareness among companies and employees on how to deal with cyber crime correctly.

Our goal is for companies to become more resistant and confident in their ability to handle cyber attacks and to build resilience.
 

What role is played by international regulations and how can they make a digital space without borders “more controllable” or “more secure”?

Regulations are very important to security and enhanced cyber security, but only if compliance can be monitored by neutral inspection bodies – and if there is the threat of effective sanctions if international standards are breached. For too long, cyber security has depended solely on the voluntary commitments of technology providers. At the same time, their lobbying activities have diluted necessary regulations.

The damage caused by ransomware, for example, more than clearly demonstrates that there is an urgent need for government regulation. DEKRA and DEKRA DIGITAL are conducting pioneering work in this area by harmonizing standards and designing specific new testing and auditing measures.

You are responsible for the Cyber Security Hub. Why has the topic of functional safety also been integrated into the Hub?

Let’s take the example of the automotive industry to illustrate this.

The guidelines on the functional safety of electronic components date back to a time when the electronic systems in vehicles were not connected with the outside world like they are today. The goal was and is to create reliable and high-availability systems that can be used continuously and without monitoring. Over time, a series of standardized methods and processes have been developed under the heading of “functional safety” and have proven successful in practice.

The increasing need for connectivity and the resulting opening of previously closed systems has resulted in highly networked systems that need protection against tampering by third parties. For this reason, it makes sense to combine the activities to ensure compliance with functional security standards and methods with the latest standards and resulting findings in connection with cyber security.

In order to meet the requirements of both standards, all the parties involved in product development must demonstrate a high level of process maturity in their software development activities. In the automotive industry, this is covered by ASPICE, which stands for “Automotive Software Process Improvement and Capability Determination”. This is an evaluation of the maturity level of software development processes which have since been expanded to include elements of relevance to cyber security. ASPICE can be used to assess, compare and improve the quality of software development in the automotive industry. Processes that influence software development, such as the interaction of software, hardware and mechanical components in a mechatronic system, are also taken into account.

Compliance with UNECE (United Nations Economic Commission for Europe) Regulation No. 155 requires that car manufacturers harmonize and as far as possible combine their cyber security, functional safety and software development specifications, both in house and throughout their supply chains.

By bringing the three areas of expertise together in the Cyber Security Hub, DEKRA has created an outstanding basis for supporting vehicle manufacturers in efficiently complying with the UN Regulation and enabling suppliers to comply with the corresponding international standards in this regard.
 
