
Cyber Resilience Act (CRA) - Richard Seidl

Written by Richard Seidl | Sep 30, 2024 10:00:00 PM

In this podcast episode, we talk about the Cyber Resilience Act. We discuss how companies are implementing the new EU regulations to ensure the IT security of their machines. We look at how important software has become in mechanical engineering and how the industry is adapting to the new security requirements. Valuable insights and practical tips will be shared on how to approach the topic of cyber resilience. Of particular interest is the discussion on the networking of machines and the associated challenges. Another important topic is the training of development teams and the importance of a suitable mindset for the successful implementation of the new requirements.

“We are now starting to train our developers and software architects to ensure that we can meet the new security requirements.” - Christoph Ranalter

Christoph Ranalter has been working in development since 2011 and has been head of software and control development at Felder KG, a leading Tyrolean mechanical engineering company for woodworking, since 2022. He placed great emphasis on quality in software development early on and built up several high-performance teams, which he still supports today in order to develop efficient and high-quality software solutions. Looking to the future, Christoph Ranalter is focusing on the next milestones in modern software development, including AI, the Cyber Resilience Act and NIS2.

Highlights of this Episode:

  • The Cyber Resilience Act affects any digital product that can interact with another device or network.
  • Christoph’s company has begun a screening process to understand how the Act affects them and is working with a consulting firm.
  • The company plans to form an incident response team and train their developers in cybersecurity.
  • The company is already using a static code analysis tool and is planning further measures to improve software security.
  • The implementation of the Cyber Resilience Act is also a strategic decision for the company in order to remain competitive.
  • The requirements for testing have not changed, but the way of working has changed, especially through agile methods.

Cyber Resilience Act: Challenges and strategies for mechanical engineering

In this podcast episode, Richie and Christoph discuss the Cyber Resilience Act and its impact on a mechanical engineering company. Christoph shares insights into the challenges and strategies for implementing the Act, as well as the importance of software and cybersecurity in mechanical engineering.

The role of software in mechanical engineering

Christoph begins by explaining that his company manufactures woodworking machines - from simple saws to complex CNC machining centers. With around 850 employees in Austria and a further 650 worldwide, it is a medium-sized family business. Although at first glance you might not think that mechanical engineering has much to do with software, it is clear that networked machines, cloud solutions and remote support are playing an increasingly important role. These developments naturally also bring with them new security requirements.

Cyber Resilience Act: What does it mean?

The Cyber Resilience Act affects any digital product that can interact with other devices or networks. Christoph describes how his company realized that this legislation also affects them - from smart coffee machines to CNC machines. Together with a consulting firm, they have carried out an initial screening and determined that they need to take measures to meet the legal requirements. Time is of the essence, as the first measures must be implemented by 2024.

Challenges during implementation

According to Christoph, one of the biggest challenges was to raise awareness of cybersecurity throughout the company. This meant not only introducing technical measures such as better firewalls or antivirus software, but also organizational steps such as training the development teams. He emphasizes the importance of a structured risk assessment and an incident response team. Such a team must be able to react quickly when security gaps are discovered.

Technical solutions and tools

Christoph emphasizes that his company already uses a number of tools to improve security - including static code analysis tools and manual security tests. Nevertheless, there is still a lot to do: from encrypting internal communication processes to implementing over-the-air update solutions for their machines. The integration of AI for data processing is also on their agenda.

Conclusion and outlook

At the end of the interview, Christoph shares his confidence that implementing the Cyber Resilience Act is not only a legal necessity, but can also provide a competitive advantage. Secure and innovative solutions can set them apart from competitors. He recommends that all companies - large and small - deal with the new requirements at an early stage and take appropriate measures.