Prioritizing Cybersecurity

The risk assessment now also covers cyberthreats.

Safeguarding modern lift systems from cyberattacks

by Thomas Schröder 
images courtesy of TÜV SÜD

In modern lift systems, digital elements and online correspondence have emerged as critical components of management and upkeep. More remote features, however, naturally increase the risk of system exploitation by unauthorized entities. In response, cybersecurity measures have taken the front seat when it comes to planning, designing, installing and operating lifts. 

Most newly installed lift systems have online access for a number of functions, including communication with manufacturers, service and maintenance providers, as well as various building-management and service systems. Some previously existing or modernized lift systems rely on an internet connection, as well. With each interaction representing an entry point for cybercriminals to take advantage of, this correspondence increases a system’s vulnerability to cyberattacks. Moreover, it means that cybersecurity measures are of the utmost importance for ensuring the safe operation of lift systems. Their effectiveness varies, however, and is contingent upon a number of factors, including frequency of updates and the quality and software of the elements used. Such measures are sometimes even legally required, making it paramount for manufacturers to keep up to date with current standards and regulations — at least if they want to continue to provide reliable and safe lifts, which is essential for the operators’ current and future trust.

Essential Cybersecurity Guidelines

Where cybersecurity is concerned, three standards or series of standards are of particular relevance for manufacturers and distributors: the ISO 2700x series of standards, the IEC 62443 series of standards and the ISO 8102-20 standard. The first two series of standards, while not directly related to the lift industry, enable manufacturers and distributors to address the topic of cybersecurity comprehensively. On the other hand, the ISO 8102-20, published in 2022, explicitly deals with the cybersecurity of lifts.

The ISO 27001 standard details general requirements with a classic information-technology (IT) security model suitable for a wide range of institutions of all sizes. It offers an ideal starting point that can be subsequently expanded upon with industry-specific requirements. More specifically, it addresses the processes of implementation, monitoring, maintenance and consistent optimization of information security management systems (ISMS). 

The IEC 62443 series of standards describes the cybersecurity requirements for industrial automation and control systems (IACS), which apply to any company that utilizes them, including manufacturers, system integrators and operators. Experts in the field regard IACS as belonging to the “operational technology security” (OT security) sector, as IACS deal with operational technological systems rather than traditional IT systems. For a more integrated approach, IEC 62443 also highlights how component manufacturers, integrators and system operators should collaborate with one another. A holistic overview like this is essential when considering the array of obligatory legal steps one must undertake to introduce a lift system to the market.

Safety-related measurement and control devices consist of programmable components in lifts that are in charge of safe operation and protection of people and goods.

The ISO 8102-20 standard not only expands upon the IEC 62443, but is also the first to fully detail the specific cybersecurity requirements for lifts, escalators and moving walks. Moreover, it specifically mentions lift system components and goes over their corresponding security requirements, of which only components with data exchange points are relevant. This standard also references security levels (SLs) to convey the extent to which protection is required. More information on security levels and corresponding cybersecurity measures can be found in the IEC 62443 standard, part 3-3.

The functions of a lift system are divided into four domains: Essential, Alarm, Safety and Others. Under the “Essential” domain are functions such as operational controls. “Alarm” functions include the emergency alert system, and “Safety” functions are in place to guarantee the lift operates securely for the user. Lastly, functions that fall under the “Others” domain are those which do not pertain to operational safety, e.g., advertising displays, and therefore are not designated any SLs.

Safety-related components with programmable electronic systems must not only adhere to the previously mentioned security measures, but also to specific functional safety standards. This applies to all systems rated with a safety integrity level (SIL) classification. Each function within a lift system that is operated electronically and involved in the functional safety of the device must be classified under the Safety domain. Electronic emergency stop controls, for example, would fall under this domain. An in-depth list of electrical safety functions in lift systems is provided under Annex A of DIN EN 81-20:2020.

SLs apply not only to lift components linked directly to safety, but also to all elements of a lift system in the Essential, Alarm and Safety domains, such as general controls, door mechanisms, fire-monitoring devices and emergency-call systems. Additionally, lift operators in Germany need to familiarize themselves with Technical Rule for Safety in the Workplace (TRBS) 1115 Part 1 to ensure that they are meeting all current requirements (see text box).

Step one is to check all measurement and control devices related to safety: Are they sufficiently protected against cyberattacks?

Security Levels Versus SILs

In the field of functional safety, the terms SLs (security levels) and SILs (safety integrity levels) are not to be conflated. A high SL rating is preceded by an assessment that the respective component must be protected against well-trained and ambitious attackers. It suggests that a specific component being cybersecure is paramount and should therefore be maximally protected. A high SIL, on the other hand, indicates the equipment has a high level of dependability and should therefore function with high reliability. One could expect components with high SIL to have a high SL, but there is no direct correlation between the two.

According to the IEC 62443 standard, SLs fall under two categories: a universal SL that generates an overall security rating of a piece of equipment, and an SL vector. SL vectors are more all-encompassing than general SLs, defining and rating the various specific aspects of security within a particular piece of machinery. SLs are assigned with respect to “FRs” (“foundational requirements”), the basic procedures vital to an effective security approach. Things like access control, encryption, authentication, data security and emergency recovery also fall under this category (see Table 1).

Table 1: Excerpt from the required SLs in accordance with ISO 8102-20

When It Comes to Safety, Prioritize Prevention

The sooner action is taken to integrate cybersecurity measures into a lift system, the more effectively said measures can minimize both the risk and possible repercussions of a cyberattack. In the long run, preventive measures may not only reduce later effort and inconvenience, but also save on costs. This makes comprehensive familiarity with the ISO 8102-20 and IEC 62443 standards crucial to the process of implementing cybersecurity measures in lifts.

With their voluntary certifications, independent service providers like TÜV SÜD guarantee systems are compliant with applicable regulations, codes and standards. Such elective accreditations provide manufacturers and distributors extra assurance that their connected lift systems and components are aligned with cybersecurity guidelines, international regulations and, when applicable, the TRBS 1115 Part 1 Technical Rule for the German Market.

For more information, visit Cybersecurity Services for Lifts.

German Guideline Obligates Operators to Conduct Risk Assessments 

The Technical Rule for Safety in the Workplace (TRBS) 1115 Part 1, published in 2023, mandates that safety-relevant measuring, control and regulation devices must be cybersecure. This includes all elements within a lift system required for its safe operation. During risk assessment, operators must record any incidences of cyberthreats and the respective measures taken thereafter; this may also include consideration beyond safety-relevant measuring, control and regulation devices, such as emergency alarm systems. Authorized inspection agencies must check the implementation of the measures required by the TRBS 1115 Part 1.

Dipl.-Ing. Thomas Schröder

Cybersecurity Expert, Center of Competence Functional Safety, TÜV SÜD Industrie Service. Mobile: +49 151 17603222, thomas.schroeder@tuvsud.com. Lift, https://tuvsud.com/lifts-and-escalators
