Annual Report
2022 / 2023
2022 / 2023
Building Resilience
Cyber attacks are a growing threat. Current figures from Check Point Research (CPR) show that in 2022 the number of attacks in Germany rose by 27 percent. Worldwide, companies recorded an average of 1,200 attacks each week in the fourth quarter of 2022.
These attacks targeted not only companies, but also governments, administrative bodies, and consumers. Through its Cyber Security Hub (CS Hub), DEKRA is taking a holistic, 360-degree approach to cyber security.
DEKRA’s CS Hub helps people, products, and organizations become more resilient to the risks posed by the internet. Its core competencies include functional safety and product testing. The automotive sector is a particular focus for the CS Hub because cars already have a high degree of connectivity, which means there is a considerable risk of cyber attacks that could endanger human lives.
To help the automotive sector become more resilient, the CS Hub tests and certifies in accordance with international cyber security regulations and standards. The “Global Cyber Security Outlook 2023” published at the World Economic Forum in Davos confirms that 29 percent of company directors are in favor of bringing in stricter regulations for cyber resilience.
For automotive manufacturers, certification in accordance with UNECE Regulations R155 and R156 is of enormous significance for type approval. It verifies that a vehicle has a functional cyber security management system (R155) and a software update management system (R156). In addition to technical inspections, cyber security training for CS Hub customers plays a key role in increasing employee resilience.
Senior Vice President Global Cyber Security Services DEKRA
As SVP Cyber Security Services, Andy Schweiger is actively driving and supporting the implementation of the Group’s strategic goals as well as all transformation initiatives around cyber security. Within his role he also owns the global responsibility for cyber security including the DEKRA Cyber Security Hub.
Andy brings 25 years of experience in innovation and digital transformation and +5 years in the TIC industry where he has held different positions in consultation and top management. He has broad experience in scaling and strategically developing cyber security services business and cross-industry development of digital products and services. Andy has an academic background in Business Administration and Business Engineering.
The battles between the attackers and defenders in the cyber security war are becoming increasingly intense. Although hardware and software solutions are growing in complexity, the security deficits in systems are also increasing, and cyber attacks are more sophisticated than ever before. To give an example: These days, a car may have around one million strings of software source code – and this number is increasing. As a rule of thumb, this could result in around 150,000 bugs, of which 10 percent could be used for cyber attacks, i.e., 15,000 potential gateways for hackers!
Our work is making an important contribution to the review of cyber security standards and regulations that, for one thing, are used to inform legislation. With our neutral testing expertise, we help our customers prophylactically identify vulnerabilities in the very early stages of developing their products or services. These risks are often overlooked and could have disastrous consequences in the event of a cyber attack.
The crucial factor here is the exchange of knowledge within our Cyber Security Hub and between cyber security experts worldwide. Our aim is to build resilience against dubious subcultures in the far reaches of the internet. In concrete terms, we are relentlessly expanding our teams’ expertise through professional development and dialog between different cyber security disciplines, through collaboration with universities, and through participation in specialist work groups. Moreover, the Cyber Security Hub operates as an interdisciplinary community in which the exchange of expertise across national borders, specialist disciplines, and cultural contexts takes place on a daily basis. Our vision is for us and our team to establish a central cyber security think tank with a pool of more than 300 experts who are passionate about building cyber resilience.
The consequences of a cyber attack on the charging infrastructure for electric cars could be serious, but this is something that people have not yet fully understood. Such attacks range from a (wide-scale) power outage and dangerously elevated currents to the misuse of personal data and payment details. Should an attacker manage to gain access to a charging station, they could also potentially disable the entire charging network – a nightmare for any charging network operator or for the car driver who depends on charging being reliable and secure.
Charging infrastructure cyber security is still in its infancy. Although existing regulations cover individual aspects of cyber security, no specific standards have been established so far. This is something that the EU and the USA are currently working on. However, until they come into effect, some countries are using existing standards, such as ETSI EN 303 645, as a point of reference.
As a result, the manufacturers and operators of charging infrastructure are not yet obliged to have the cyber security of their products or networks tested. However, DEKRA has already made preparations by developing an extensive cyber security certification program that completes its portfolio of services for safe charging infrastructure.
It includes checking the infrastructure’s interoperability, its compliance with national and international standards, and its electrical safety and electromagnetic compatibility. This end-to-end testing ensures safe communication between the electric vehicle, the charging station, and the charging point operator.
»We offer the largest testing scope and the most comprehensive accreditations in the sector and can therefore test any charging infrastructure from end to end.«
The cyber security certification program meets the specific requirements of the electric vehicle charging infrastructure. It is based on recognized cyber security standards, supplemented by the knowledge of DEKRA’s e-mobility experts. “Our program overcomes a regulatory security deficit and will be a bridge for our customers, so that new regulations can be implemented in the various regions,” says Vincent Roes. The program was developed under the leadership of the Product Testing Service Division. Following its roll-out in Málaga, the service is now also being offered in the laboratory in Arnhem, Netherlands, which is the DEKRA competence center for charging infrastructure. The service is also set to be introduced at the labs in Asia and the USA.
E-mobility
The DEKRA certification stamp on a charging station tells the electric car driver that the device has successfully passed the cyber security certification program. This includes testing for vulnerabilities, for example, and means that user and charging process data are encrypted and stored safely, thus minimizing the potential for misuse.
Summary
Each new level of digitalization shifts cyber security further into the spotlight. DEKRA’s response to this has been to build expertise and solutions in its dedicated CS Hub. As a result, the company has an excellent position in a market that is estimated to grow to as much as 250 billion euros by 2035.
