Certified for Secure Product Development

08.11.2024
In October 2024, TÜV Rheinland, the German Technical Inspection Association in the Rhineland region of Germany, certified the secure product development process at Endress+Hauser in accordance with the IEC 62443-4-1 security standard, maturity level 3. Five product centers have received the certification and thus meet the requirements for the life cycle of the products.
Certified for Secure Product Development

Product security expertise: Mirko Brcic (third from right) and the product security managers of the Endress+Hauser product centers (from left: Manfred Niederer, Karsten Traub, Dr Claudia Nowak, Simon Merklin and Sushil Siddesh) played a key role in achieving IEC 62443-4-1 certification. (Image source: Endress+Hauser AG)

The Council of the European Union passed the Cyber Resilience Act (CRA) in October 2024. This stipulates that products must demonstrate a high level of cybersecurity throughout their entire life cycle. Appropriate measures and methods must be implemented as early as the product development stage. Endress+Hauser follows this “Security by Design” approach to provide customers with the best possible support in protecting their systems.

“We are particularly proud of this certificate as it recognizes our many years of effort to achieve the highest level of security in our product centers. This level of structured approach across many different development sites shows the importance Endress+Hauser places on cybersecurity,” says Mirko Brcic, Product Security Officer at Endress+Hauser.

One visible result of the cybersecurity measures is the development of secure access to Endress+Hauser measuring devices via Bluetooth. Even the internet standardization body IETF now recommends the CPace protocol used in the Endress+Hauser SmartBlue app for password-protected access.

Standard affects various aspects
In principle, a company that aligns its processes with IEC 62443-4-1 must prove that cybersecurity is incorporated throughout the entire life cycle of a product. As part of the group certification, the certifying body checks the following aspects, among others:

  • Risk and threat analyses
  • Security by design
  • Security testing
  • Vulnerability management
  • Customer security manual

“With the IEC 62443-4-1 certification, we have jointly laid the foundation for supplying secure products in the future and being prepared for regulations such as the CRA,” says Mr Brcic. Five of the Group’s competence centers were certified: Endress+Hauser Flow, Endress+Hauser Level+Pressure, Endress+Hauser Liquid Analysis, Endress+Hauser Temperature+System Products, and Endress+Hauser Digital Solutions.

More articles on this topic

Change at the Top of Endress+Hauser InfoServe

16.12.2024 -

Endress+Hauser is driving digitalization forward – in its products, in customer interaction and in internal collaboration. Endress+Hauser InfoServe, the Group’s IT service provider, plays a key role in this. Oliver Blum will take over as the new managing director on 1 January 2025. He was previously Corporate Director Supply Chain at Endress+Hauser.

Read more

Securing Utilities in the Age of Digital Transformation

22.05.2024 -

Legacy technologies reaching end-of-life, increasing investments in digitisation and automation, and the growing prevalence and sophistication of cybercrime are creating a melting pot of risk for utilities. CYBSEC-EXPO, a new exhibition and conference taking place at the end of May, is set to connect leaders from water, gas, and electricity networks with the knowledge and solutions to help keep their IT and OT systems safe.

Read more