International Standards Organization publishes new cybersecurity standard
With the growing number of remote and IoT applications in elevators, escalators and moving walks, it was high time to issue a standard in the field of cybersecurity. The International Standards Organization has taken up that task and published ISO 8102-20.
The new standard is largely based on IEC 62443. It contains many references to this existing standard. A good development, according to Liftinstituut, because the wheel need not be reinvented every time.
What is the scope of the new cybersecurity standard?
The new standard lists all cybersecurity requirements for elevators, escalators and moving walks. The standard does not only apply to the operation and maintenance stage of the product. It refers to the entire lifecycle from product development to final decommissioning. Therefore, the standard prescribes both product and process requirements.
The standard applies to EUC (Equipment Under Control) that is capable of connectivity to external systems such as building networks, cloud services, or service tools. In addition, ISO 8102-20 applies to EUC interfaces (either onsite only, wired or not). External systems and services as such are out of the scope of the standard.
Which functions does ISO 8102-20 apply to?
The new standard sets out the minimum cybersecurity requirements for the following functions:
- Essential functions (for the usage of lift, escalator or moving walk)
- Safety functions (for protection against danger)
- Alarm functions (for sounding an alarm and setting up communication with a rescue service in the event of a malfunction)
ISO 8102-20 has three security levels. For example, the strict security level 3 has to be applied to the safety functions, while security level 1 is sufficient for the alarm functions.
Is certification according to ISO 8102-20 mandatory?
Manufacturers of elevators, escalators, moving walks and components are not obliged to have their product certified according to ISO 8102-20. However, the new standard expressly advises having an independent third party carry out security vulnerability analysis and periodic penetration testing. Liftinstituut is happy to guide you with this analysis and testing process.
Do you have any questions about the cybersecurity standard for lifts and escalators?
The text of the standard is available on the site of ISO.