ACTIA IME

    ACTIA IME GmbH

    • Cybersecurity

    Design, develop & manufacture communication products in connected factories: the challenge of cybersecurity with several dimensions

    The pandemic has accelerated the digital transformation already underway for several years. Among the sectors of activity, industry is particularly affected by this transformation with the Factory of the Future. This new vision of the industrial sector opens up the possibilities with great technological reinforcement: with more automated, more connected factories, the multiplication of sensors, robots and cobots, the cloud, real-time data processing, machine learning or intelligence artificial. Technologies that give shape to the IIOT – Industrial Internet Of Things – and make the factory of the future a reality.

    This development calls for another: with the proliferation of IT systems alongside OT systems (Operational Technology, industrial equipment), the industrial system is more exposed to cyber threats. ACTIA, an industrial company, took the measures of these risks by implementing a global approach and solutions to secure its entire ecosystem (infrastructure, on -board systems, personal, third -party organizations, …).

    Indeed, beyond the technical security aspects of ACTIA’s production environment, meeting these challenges requires addressing cybersecurity more broadly, at the level of business processes, people, supply chains, etc. Beyond the protection objective, ACTIA incorporates cybersecurity as a strategic axis of its development, as a pillar of its on –board systems, as a condition for the success of its factory of the future, and integrating it into the sheet on the road to its innovations. The group has put itself into battle order to treat cybersecurity as a condition for the success of its Factory of the Future and a guarantee of the reliability of its on-board systems.
    verrou-data-2
    Engineering-services-division-02

    Cybersecurity: a new core automotive concern

    Cybersecurity is a new challenge for transport professionals. This sector remains particularly vulnerable not only because it is part of a chain of multiple players and but also because it generates and shares huge volumes of data.

    With the rise of digitisation, threats for all links of the supply chain are increasing. The geolocation of vehicle, administrative and regulatory monitoring of drivers, vehicle maintenance, and all of the exchanged data are all potential targets of cyberattacks, hacking and theft. The consequences can be catastrophic for professionals in the sector.

    The advent of connected and autonomous vehicles or intelligent freight is exacerbating the threats. Modern transport is becoming increasingly computerised and therefore faces the risk of cyberattacks. Vehicles are increasingly program-controlled, interconnected and semi-autonomous.

    This is why manufacturers and equipment suppliers such as ACTIA are taking system security very seriously. ACTIA has developed a holistic approach that integrates cybersecurity into the life cycle of its products intended for vehicles. The Group is thus contributing to limiting the risks of successful cyberattacks against trucks.

    ACTIA is future-ready for cybersecurity norms and standards by participating in the drafting of standards & regulations

    ACTIA is participating in the drafting of ISO / SAE 21434 standards on the cybersecurity of road vehicles, as well as UNECE WP29 regulations on cybersecurity and software updates for road vehicles. The Group’s experts are representing ACTIA in global standardisation communities and are involved in the drafting of standards.
    ACTIA is thus prepared to incorporate the latest standardisation requirements right from the design process for its products and is able to offer its customers products and services that meet the latest standards.

    ACTIA IME is TISAX certified

    The ENX Association supports the joint acceptance of information security assessments in the automotive industry through TISAX (Trusted Information Security Assessment Exchange) on behalf of the VDA. TISAX assessments are conducted by accredited auditing service providers who demonstrate their qualifications at regular intervals. TISAX and TISAX audit results are not intended for public access.

    For ACTIA IME GmbH, the confidentiality, availability, and integrity of information are of high value. We have implemented extensive measures to protect sensitive and confidential information. Therefore, we adhere to the information security questionnaire of the German Association of the Automotive Industry (VDA ISA). The audit was conducted by an auditing service provider, in this case, the TISAX auditing service provider DEKRA. The results are exclusively accessible via the ENX Portal: https://portal.enx.com/en-us/TISAX/tisaxassessmentresults.

    TISAX Result Available

    ACTIA is ISO 27001 and TISAX certified

    ACTIA France is both ISO 27001 and TISAX certified.

    Its other companies in Spain, Belgium, Tunisia and the USA are either ISO 27001 certified or in the process of becoming certified. ISO 27001 certification measures and the introduction of various cybersecurity standards, particularly ISO/SAE 21434, are being implemented jointly through optimizing synergies and exchanging opportunities.

    ACTIA incorporates security into its organisation

    ACTIA is organised around a team dedicated to the information security management system (ISMS)

    This team ensures that cybersecurity is properly taken into account from end to end of the design, development and manufacturing cycle of the products offered by the Group. But it does not stop there, because ACTIA also supports its customers in protecting against cybersecurity risks, and in particular with regard to its telematics products. For example, the TGU-R telematics unit, dedicated to the truck, bus and special machinery market, comes with a “cybersecurity manual”. This manual allows customers to develop their applications independently and in line with the product security constraints.

    ACTIA has a team dedicated to product security

    This team ensures that cybersecurity is properly taken into account from end to end of the design, development and manufacturing cycle of the products offered by the Group. But it does not stop there, because ACTIA also supports its customers in protecting against cybersecurity risks, and in particular with regard to its telematics products. For example, the TGU-R telematics unit, dedicated to the truck, bus and special machinery market, comes with a “cybersecurity manual”. This manual allows customers to develop their applications independently and in line with the product security constraints.

    ACTIA relies on a cybersecurity coordinator

    For each project, ACTIA appoints a dedicated cybersecurity project manager, who is the point of contact for cybersecurity issues. He/she organises collaborative work on risk assessment and compliance with current requirements. He/she provides assistance during the definition of threats and product security targets.
    cybersecurity-man

    ACTIA integrates cybersecurity at every stage of the life of products and services

    The ultimate goal is to assess and address the cybersecurity risk. ACTIA has put in place a security risk assessment method based on ISO SAE 21434, which helps to determine levels of cybersecurity risk and reduce them. By applying this method throughout the life cycle, ACTIA ensures that cybersecurity risks always remain acceptable.

    Through ongoing collaboration with its customers, ACTIA can integrate a holistic approach focused on cybersecurity risks across all our products and services and throughout the vehicle life cycle: from design to decommissioning. ACTIA has the ability to apply ISO SAE 21434, the new global cybersecurity engineering standard for automotive projects.

    The Group thus assists its customers in proving the compliance of their vehicles with the UN regulations on cybersecurity for road vehicles. ACTIA has experience in the certification of products according to the Common Criteria for Information Technology Security (ISO 15408), up to level EAL4+.

    Cybersecurity step by step:

    1. In the tendering phase

    ACTIA can assist customers in defining their cybersecurity strategy. It can offer a secure product architecture and a security concept that meets all customer requirements, including those imposed by regulations or standards (such as GDPR, UN-ECE regulation, ISO SAE 21434).

    2. Design & development

    ACTIA can reinforce its product development effort with the activities and documentation provided for in ISO SAE 21434. The Group is currently mapping cybersecurity activities and requirements in the product design and development process. This allows cybersecurity to be integrated into all other disciplines, while establishing best practices in this area.

    3. Post-development

    The security of the production environment is also part of ACTIA’s know-how and the Colomiers (France) manufacturing plant has been ISO 27001-certified since 2018. Within a contractual framework, ACTIA is able to maintain the cybersecurity of its products throughout their use, by monitoring the state of cybersecurity, analysing vulnerabilities and responding to events.

    Cybersecurity in actia products: defence in depth

    From the design phase, ACTIA products can be planned to include measures that strengthen the cybersecurity of the system, including:

    • Authentication & integrity check of the software at start up,
    • Storage of encryption keys, generation of random numbers,
    • Communication encryptions,
    • Secure software updates,
    • Mutual authentication between the product and remote servers.

    Need further Information? Get in touch with us.

    Contact form
    Product Fylers & Software
    Scroll to Top