Cyber Resilience Act: Sick Develops Cybersecurity Tool

Source: Press release of Sick AG | Translated by AI

Sick, together with the Fraunhofer Institute AISEC, has developed the open-source tool "QuBA-libre." The questionnaire-based system is designed to support companies in the risk assessment of digital products while meeting the requirements of the EU Cyber Resilience Act.

The risk assessment tool QuBA-libre, jointly developed by the Fraunhofer Institute for Applied and Integrated Security AISEC and SICK AG, enables the validation of the cybersecurity status of products such as sensors or edge devices, as well as simple systems, already during their development cycle. (Image: Sick)

Together with the Fraunhofer Institute for Applied and Integrated Security (AISEC), Sick AG has developed the risk assessment tool "QuBA-libre." The tool is designed to validate the cybersecurity status of products, whether sensors, edge devices, or simple systems, already during their development cycle. According to Sick, the questionnaire-based assessment enables quick and precise analysis and evaluation of risks. Furthermore, the open-source tool generates suggestions for countermeasures to mitigate identified risks. After completing the risk analysis, "QuBA-libre" automatically creates a list of actions that summarizes the results and maps them to the requirements of the CRA.

Cyber Resilience Act Comes into Force in 2027

The EU Cyber Resilience Act (CRA), which was adopted in 2024 and becomes mandatory in 2027, aims to significantly improve the cybersecurity of products with digital elements. To achieve this, the regulation sets requirements for the cybersecurity of such products throughout their entire lifecycle. The regulation is intended to ensure that only products without known vulnerabilities enter the market. Therefore, the CRA explicitly mandates risk assessments for all products with digital elements.

Early Integration into the Development Process

With the questionnaire-based assessment method of "QuBA-libre," it should be possible to conduct risk assessments in the early phases of product or system development. In line with the CRA's requirements, attack surfaces could thus be avoided and suitable protective measures planned during the design and conceptual phases. According to the manufacturer, potential security gaps could be identified and corrected early in product development. The concepts for the cybersecurity of products and systems created on this basis are intended to ensure that protection mechanisms are directly integrated into the product design.

Automated Result And Requirement Documentation

By capturing responses to questions about impact assessment and required attack potential, as well as through automated risk evaluation and the generation and allocation of appropriate protective measures using integrated catalogues based on IEC 62443-4-2, "QuBA-libre" aims to enable a comprehensive analysis of the cybersecurity of a product or simple system. Any remaining risks are identified and made available for evaluation by cybersecurity specialists. Upon completing the risk assessment, "QuBA-libre" automatically generates a list of actions summarizing the results and mapping them to the requirements of the CRA. According to the manufacturer, the tool is designed to establish CRA-compliant cybersecurity as a quality feature.
