The EU has recently introduced new directives to strengthen cybersecurity, such as the Cyber Resilience Act (CRA) and the NIS 2 Directive. What specific duties specifically apply to automation engineers?
Dr. Tebbe: Automators face the challenge of meeting both the CRA and the NIS 2 directive. The CRA aims to protect networked products from unauthorized access and manipulation throughout their life cycle. An important component is the timely provision of security updates. The NIS-2 directive expands the rules of the existing NIS-1, requiring companies, depending on their category and industry, to effectively manage the risks associated with their digital infrastructure and services. Similar to the CRA, significant cyber incidents must also be reported to national authorities. This means that, as manufacturers and system integrators, we must thoroughly check our infrastructure, products and systems for security vulnerabilities and implement appropriate security measures. This process is often associated with lengthy development times. We also need to ensure that our suppliers meet these high standards, which requires close cooperation and regular audits.