Dear Madam, Dear Sir,
we have developed a holistic concept for the defense against cyber attacks and failure of product features due to IT connectivity:
Security4Safety also secures your medical products with an Internet interface.
The Federal Office for Information Security (BSI) highlights the threat posed by cyber attacks in 2017 and highlights the vulnerability of businesses to attacks. The malicious programs that are being released into the global network via accounting software updates in Ukraine and Russia are having enormous economic consequences. This illustrates how vulnerable many companies are to the risks of digitization and the impact of not understanding cyber security as a prerequisite for successful digitization. For example, IT security researchers last year discovered a security vulnerability that leads to denial of service (DOS) attacks or malicious code being executed.
All industries and areas are affected, whereby the targets of the attackers can vary. In manufacturing companies, finances suffer from possible production losses, damage to machinery, patent theft or cyber extortion. In the power plant sector, the danger picture goes far beyond that. For example, when power plants are shut down due to hacker attacks, this can lead to an acute political emergency. In the medical environment, potential external takeovers of safety-relevant medical equipment could even result in a large number of personal injuries.
In view of such threat scenarios, new paths must be taken in the risk analysis and technical testing of plants and products. Functional security and IT security should therefore no longer be treated as separate fields of action. TÜV NORD regards the connection between security and safety as "Security4Safety" and thus enables new ways of combating and preventing hacker attacks. Security is the security of data with regard to availability, confidentiality and integrity. Safety refers to the safety of people and the environment, for example with regard to functionality, electrical and design safety.
We want to protect you as a customer from hacker attacks, we at TÜV NORD CERT must identify whether your product has one or more interfaces with a connection to the Internet. Both Ethernet and WLAN can be used. Local networks or a communication protocol via CAN, Bluetooth or USB are further attack surfaces that should be checked. So that we can decide where steps may have to be taken in the next audit, we need your help.
To pro-actively address and eliminate potential hazards, please let us know your products that have the above connection characteristics and return this information to us. In order for the information to be assigned and for an audit to be carried out, it would be advantageous for you to confirm your name by 31.05.2019.