Cyber security: draft standard with massive consequences
The draft of section 20 of ISO 8102 on cyber security in lifts and escalators (Electrical requirements for lifts, escalators and moving walks) was published recently. We asked an expert for his assessment of the draft.
Tim Ebeling, managing director of the lift measurement equipment manufacturer Henning, is the representative of the VFA-Interlift in the committee “Digitalization and Cyber Security” of the European Lift Association ELA.
Are you surprised by the contents of ISO/DIS 8102-20?
Ebeling: The ISO/DIS 8102-20 was prepared in a remarkably short time for an ISO standard. Many of the parties involved appear to be very interested in this standard. And cyber security is of course also an important subject in our sector, since increasing numbers of lifts are networked, e.g. via the Internet. The contents did not really surprise me.
To a large extent, the draft standard referenced IEC 62443, an international standard series on “Industrial communication networks – IT security for networks and systems”. However, there were several variations, which will probably make it very difficult for many market participants to offer their services in the future in the way they’re accustomed to.
What do you mean by that?
Ebeling: Well, the main thrust of this draft standard can be found in the chapter on “Secure development life cycle for lifts, escalators and moving walks”, i.e. the secure development life cycle of the components of a lift. This chapter is intended for component manufacturers and system integrators, though the latter really refers to the erectors or maintenance companies.
Let’s get started with the component manufacturers. I can see almost all of them in future being able to develop their components according to the already mentioned standard series IEC 62443 – even if this will probably result in having to acquire many certifications during development from the corresponding bodies.
However, the actual problem is that these component manufacturers normally aren't involved in setting up a system and its operation. As a result, they cannot meet many of the requirements at all – particularly regarding software updates, certificates or key handling and the information exchange required between lift owners, system integrators (maintenance or erector operation) and component manufacturers.
This is only possible if manufacturers, erectors and the maintenance firm are one and the same company. In my view, the cyber security requirements should above all be of a technical and not an organisational nature and not be too much focused on the work organisation of the companies involved.
If the draft standard continues to exist in this form, major demands appear to be in store for the component manufacturers. What about the erectors and maintenance companies?
Ebeling: The term system integrator in itself says a lot about the requirements to be expected in erecting lifts and their maintenance, taking the draft standard ISO/DIS 8102-20 into account. Start-up of the lift or later replacement of a component could then certainly also mean replacing software certificates and similar measures. At the moment, this would probably be beyond most of the small and medium-sized maintenance companies. Either new job profiles will have to be set for fitters or a new niche for pure system integrator companies may emerge in lift building.
I see a special difficulty in modular construction lifts where the erector itself puts together the components needed. This in particular would require IT system integrator knowledge. If the lift has to be erected under the draft standard ISO/DIS 8102-20, it makes sense for SMEs to use complete lift packages instead.
Not to be provocative, but you appear to have great reservations about this draft standard. Don’t you think that cyber security is important?
Ebeling: Of course, it’s extremely important. Particularly as a sector that is especially devoted to functional safety, we cannot simply ignore such a crucial subject.
Cyber security is also immensely important for conveyance technology, and we have to do everything to prevent attacks on our installations. But I do have reservations about the possible effects of this draft standard and would have welcomed more practicability.
Take the paper that the North American National Elevator & Escalator Industry Association (NEII) recently published about cyber security. In my view, it presented a very reasonable approach. Communication of the lift components with each other was defined as a secure zone, just as secure as the cable connection between the electronic lift components.
Of course, this cable is not really secure either. You can gain access to the car roof with a simple triangle, cut the cable or create other dangerous conditions. However, the NEII established remote access to this “secure zone” as particularly worthy of protection. This means that the measures for cyber security have to start at this point, i.e., at the interface to the outside world. These corresponding components have to be specially secured and protected. In my opinion, this makes sense and is also practicable.
If the draft of ISO/DIS 8102-20 is adopted unamended, will the market participants you mentioned have to be prepared to introduce new qualifications, work processes, etc.?
Ebeling: It doesn’t mean this immediately. As long as this standard has not been harmonised in the EU, it does not have to be applied by any market participant unless it is explicitly required, e.g. in a call for tenders. I find this regrettable, since we actually have to get to grips with cyber security and also facilitate secure remote access. On these grounds, I would welcome a practicable, technical and functional solution, which can also really be applied by every market participant.