October 26, 2021
Once upon a time, KONE's job was pretty much done when an elevator had been installed into a building and a maintenance engineer would show up periodically to make sure that it went up and down, or when the team would take on modernization projects
While this solid foundation remains, with quality being among the top reasons why customers choose KONE, fast-forward to today’s world of smart digital experience elevators and connected entry systems, and the landscape is dramatically different.
While advances in technology often make life simpler and more efficient, they also provide tempting opportunities for cyberattackers. As a result, it can seem like work in this sprawling digital arena is never done.
"When it comes to cybersecurity, you can always claim something is secure," says Mika Katara, IoT security manager at KONE, "but how do customers really know that it is? If you have some kind of incident, then of course they will know that there is a security problem, but otherwise, it’s very hard for a customer to know how secure a system is."
A challenge becomes an opportunity
Over the past few years, KONE has set out to address this uncertainty, turning the challenge into an opportunity to create and develop solutions that are as secure as they can be. As Katara proudly points out, KONE now boasts IEC 62443-4-1 certification, which confirms improved cybersecurity processes and industry-wide best practices.
"It helps us to build our systems in a way that ensures security by default," says Katara. "It gives us the framework to develop them so that they are as secure as possible, right down to contemplating the target profile of the potential attacker."
This, he explains, is important. Not every project needs top-tier cybersecurity built into it – especially when there is a cost involved. There's a difference between the level you might need in a small, three-story residential development and, say, an airport.
"We also need to have an incident response process so that if there is a cybersecurity problem, then we have a system in place to deal with it," says Katara. "This standard also helps with that."
A common language for everyone
IEC 62443 is especially helpful when working with partner companies, as is typically the case when KONE is involved in a project. Jana Adams, cybersecurity expert at TÜV Rheinland, who awarded KONE's certification, notes that one thing the standard sets out to do is enable "all entities to work together, meaning that the operator gets a secure system, which consists of secure components."
Katara adds that it also gives all parties the opportunity to be precise in the language they use. "It means that we're all on the same page," he says. "When a customer says they want protection at a specific level, for example, we can all check against the standard and know what that means."
KONE is the first company in its industry to achieve IEC 62443-4-1 certification. Being able to discuss what this means with potential customers is something that Adams feels is sure to be appealing.
"The trust in certified systems is higher because there has been an external party confirming the security," she says. "Beyond that, an organization with certified processes – like KONE – has proven to be able to swiftly react to changes in the cyberattack landscape."
Cybersecurity is an ongoing effort
Across KONE, the effort to build systems that outfox cybercriminals remains an ongoing priority. The next step, says Katara, is to develop an industry-specific ISO standard which will help to make security even more robust.
"Our aim is to make sure that customers understand that KONE is handling cybersecurity in the best possible manner, based on established standards," he says. "Ultimately, we want our customers to trust that when they choose KONE for a project, we have security covered.”