3 min read

Cyber Resilience Act (CRA)

Cyber Resilience Act (CRA)

In this podcast episode, we talk about the Cyber Resilience Act. We discuss how companies are implementing the new EU regulations to ensure the IT security of their machines. We look at how important software has become in mechanical engineering and how the industry is adapting to the new security requirements. Valuable insights and practical tips will be shared on how to approach the topic of cyber resilience. Of particular interest is the discussion on the networking of machines and the associated challenges. Another important topic is the training of development teams and the importance of a suitable mindset for the successful implementation of the new requirements.

We are now starting to train our developers and software architects to ensure that we can meet the new security requirements.” - Christoph Ranalter

Christoph Ranalter has been working in development since 2011 and has been head of software and control development at Felder KG, a leading Tyrolean mechanical engineering company for woodworking, since 2022. He placed great emphasis on quality in software development early on and built up several high-performance teams, which he still supports today in order to develop efficient and high-quality software solutions. Looking to the future, Christoph Ranalter is focusing on the next milestones in modern software development, including AI, the Cyber Resilience Act and NIS2.

Highlights of this Episode:

  • The Cyber Resilience Act affects any digital product that can interact with another device or network.
  • Christoph’s company has begun a screening process to understand how the Act affects them and is working with a consulting firm.
  • The company plans to form an incident response team and train their developers in cybersecurity.
  • The company is already using a static code analysis tool and is planning further measures to improve software security.
  • The implementation of the Cyber Resilience Act is also a strategic decision for the company in order to remain competitive and the requirements for testing have not changed, but the way of working has changed, especially through agile methods.

Cyber Resilience Act: Challenges and strategies for mechanical engineering

In this podcast episode, Richie and Christoph discuss the Cyber Resilience Act and its impact on a mechanical engineering company. Christoph shares insights into the challenges and strategies for implementing the Act, as well as the importance of software and cybersecurity in mechanical engineering.

The role of software in mechanical engineering

Christoph begins by explaining that his company manufactures woodworking machines - from simple saws to complex CNC machining centers. With around 850 employees in Austria and a further 650 worldwide, it is a medium-sized family business. Although at first glance you might not think that mechanical engineering has much to do with software, it is clear that networked machines, cloud solutions and remote support are playing an increasingly important role. These developments naturally also bring with them new security requirements.

Cyber Resilience Act: What does it mean?

The Cyber Resilience Act affects any digital product that can interact with other devices or networks. Christoph describes how his company realized that this legislation also affects them - from smart coffee machines to CNC machines. Together with a consulting firm, they have carried out an initial screening and determined that they need to take measures to meet the legal requirements. Time is of the essence, as the first measures must be implemented by 2024.

Challenges during implementation

According to Christoph, one of the biggest challenges was to raise awareness of cybersecurity throughout the company. This meant not only introducing technical measures such as better firewalls or antivirus software, but also organizational steps such as training the development teams. He emphasizes the importance of a structured risk assessment and an incident response team. These teams must be able to react quickly when security gaps are discovered.

Technical solutions and tools

Christoph emphasizes that his company already uses a number of tools to improve security - including static code analysis tools and manual security tests. Nevertheless, there is still a lot to do: from encrypting internal communication processes to implementing update-over-the-air solutions for their machines. The integration of AI for data processing is also on their agenda.

Conclusion and outlook

At the end of the interview, Christoph shares his confidence that implementing the Cyber Resilience Act is not only a legal necessity, but can also provide a competitive advantage. Secure and innovative solutions can set them apart from competitors. He recommends that all companies - large and small - deal with the new requirements at an early stage and take appropriate measures.

Test Automation of Mobile Apps

Test Automation of Mobile Apps

Sometimes the first attempt at test automation fails. But in addition to the frustration and the need to explain to management, failure always brings...

Weiterlesen
A Critical Look at BDD

A Critical Look at BDD

Behavior Driven Development, or BDD for short, is a powerful framework that is often misunderstood or misapplied. It is based on clear communication...

Weiterlesen
Quality from an architectural perspective

Quality from an architectural perspective

Are quality requirements the same as non-functional requirements? And what are functional requirements? Which of these are included in the ISO 25010...

Weiterlesen