Lift cybersecurity

Modern lifts use information technology and data exchange e.g. for remote monitoring systems or software updates over the air to operate and supervise the lift and its components. But not only lift operations and maintenance are subject to digitisation. It also includes the transition of safety components from mechanical and electrical devices into devices with programmable software logics such as PESSRAL.

These changes give rise to new vulnerabilities and threats. As a lift manufacturer, supplier, operator or facility manager, the emerging risks inevitably need be considered. 

Lift manufacturers, suppliers, operators and facility managers are obliged to ensure that lifts are resilient against cyber threats. Cybersecurity framework as ISO 62443, technical standards as ISO 8102-20 and best practices guide the way. In addition, cyber security is gradually included into national regulations.

The lift installations can be a gate of entry not only for potential hackers but respectively for unauthorised access to collect or manipulate data and information of the lift or entire building. The lift installation can be manipulated for instance by switching off safety functions and locking people in. It can endanger lives and cause unnecessary stress.

Modern lifts are increasingly connected and digitally controlled, making them potential targets for cyberattacks or unauthorised manipulations. A compromised lift installation can provide a gateways to access building data or manipulate operations, safety-critical functions, issue unauthorised commands, or access sensitive operational data. Such breaches not only compromise passenger safety, potentially overriding emergency protocols and threatening the security of the building infrastructure. Implementing robust cybersecurity measures is essential to mitigate these risks and ensure operational resilience.

Companies must invest in training and hiring specialists to manage cybersecurity risks adequately. 

At TÜV SÜD, we are proud of our long-standing history in combining safety with innovation. We have provided lift cybersecurity and certification solutions in various industries for over 20 years. Our team of interdisciplinary experts leverages their experience and knowledge to provide customers with complete lift security solutions. Tap into our global reach and local insights to ensure the security of your lifts. By protecting the integrity and availability of your lift operations, you demonstrate your commitment to advanced safety measures and enhance market competitiveness.

Services for lift manufacturers and suppliers 

• Cybersecurity readiness index - Provide an overview on your company’s readiness in the field of cybersecurity and identify any need for actions
• Technical conformity check (ISO 8102-20) - Provide a direct comparison of necessary actions in the current state and future framework
• Attestation for cybersecurity conformity - Demonstration of cybersecurity readiness and technical resistance towards cyber threats
• Penetration test and vulnerability scan - Provide technical proof on the component level to prove cyber resilience 

Services for lift operators, contractors and facility managers

• Risk assessment for installed lifts - Understand the potential cyber risks particularly for lifts installed in critical infrastructures such as governmental buildings, hospitals or airports
• Specification assessment for secure lift systems for new equipment, modernisation and refurbishment - Lay the foundation for all future installations according to your desired risk acceptance level.