WEBER-HYDRAULIK with a focus on cybersecurity in the field of products and systems

Damage prevention

Güglingen, 25 May 2023.                   Even the smallest security gaps can cause massive damage: WEBER-HYDRAULIK is aware of the hazards associated with attacks on the system components contained in its own products and has therefore established its own Competence Centre for Functional Safety and Cybersecurity in Development. The centre specialises in identifying and eliminating product security gaps as well as in preventing hacker attacks during the development of products and systems and their operation by the customers.

The implementation of standardised processes is one of the tasks of the team around Maher Sahli, Head of the Competence Centre for Functional Safety and Cybersecurity in Development at WEBER-HYDRAULIK. “Management processes in product, IT and OT cybersecurity are absolutely essential for companies. Nowadays, businesses can’t afford to be careless in this area”, Sahli says.

The Competence Centre has two main areas of activity: increasing functional safety in the automotive sector and product cybersecurity. Functional safety concentrates on closing security gaps that are caused by system errors and may lead to accidents involving personal injury. Cybersecurity focuses on external attacks on the products and systems during their development and operation by the customers. The product always plays the central role for the Competence Centre for Functional Safety and Cybersecurity. “At WEBER-HYDRAULIK, the three pillars of cybersecurity, namely product, IT and manufacturing cybersecurity, are working hand in hand on a joint security strategy. Expertise from different areas and different profiles allow for covering potential threats to the greatest possible extent”, Maher Sahli says about the cross-departmental collaboration.

The centrepiece is a continuous monitoring system designed to detect and classify hazards in good time. “Threats from the Internet can come in different forms, and we need to keep an eye on all of them. Have any algorithms we use been cracked? Are there any new attackers or attack methods? Based on that, we develop an impact analysis that allows us to determine whether there is a threat to our products and systems and whether measures have to be taken”, Sahli says about the diverse challenges of the Competence Centre.

Cybersecurity in R&D is absolutely essential

The impact analysis is also taken as a basis to define measures for worst-case scenarios. “In the event of an acute threat situation, we don’t have the time to develop measures. They have to be defined in advance so that we don’t waste time”, Sahli says. He considers following up on incidents to be no less important than prevention and process definition: “Luckily, we’ve never been in that situation, but should one of our products be attacked, the attack would always have to be analysed afterwards. Only then can we close any security gaps optimally and permanently.” To Sahli, this approach is part of obligatory cybersecurity management in this area throughout the entire product lifecycle, from development to end-of-life.

This is all the more important given that hydraulic systems are becoming more and more digital. Embedded systems will increasingly complement, or even replace, the hydraulic and mechanical functions. This facilitates system maintenance, for example by making it easier to install updates, but digital systems are also more vulnerable to hacker attacks. “The demands on us are increasing along with the increasing complexity of systems”, Sahli says.