SNV Story No. 9: CertX

Automation, robotics, drones, autonomous vehicles – there is so much we could talk about with the certification body CertX in Fribourg. When we sat down with CEO Jens Henkner, we decided to discuss operational cybersecurity, autonomous and electric vehicles, artificial Intelligence and, of course, standards.

Hacker attacks on cars or ventilators?
Cybersecurity is about more than just hacker attacks on a company’s e-mail system, servers or customer databases. Everything on a network can be hacked: from medical equipment to power grids, from home alarm systems to gas networks. These cases fall under the term «operational cybersecurity». For example, if a car has been manufactured after 2017, it contains a SIM card as standard. This SIM card automatically places an emergency call in the event of an accident. A small feature that connects the car to other systems, making it an attractive target for hackers. For example, in 2015, hackers were able to commandeer a Chrysler Cherokee with no cables and from a great distance using nothing but a laptop. The driver no longer had any control over the engine, steering or brakes. The result? Class action lawsuits, legal proceedings, software updates and the recall of 1.4 million Chrysler Jeeps.

A more recent example is the hacker attack on the largest petrol pipeline in the US, which resulted in Colonial Pipeline paying hackers millions in US dollars and Bitcoins in order to regain control over their petrol supply. To avoid these security gaps wherever possible, processes and products are evaluated and certified in terms of their security. «It’s a smart idea to involve a certification body early on in the process of developing a product or a service because the development process is a key element of a certification, and you cannot make any corrections after the fact,» explains Jens Henkner.

Hackers with good intentions?
In order to make it as difficult as possible for hackers with bad intentions to succeed, manufacturers, industrial users and end consumers must be aware of any security gaps and comply strictly with any and all preventive measures. Attacks like the one on Chrysler were carried out on purpose in order to alert companies to major gaps in security. In their free time, CertX employees are also involved in what is referred to as «ethical hacking» so that consumers and companies can avoid serious incidents. Jens Henkner emphasizes: «In order to achieve the greatest possible security, everyone – from developers to end users – has to develop and use networked devices correctly. We need cybersecurity to ensure that products that are secure in the factory remain secure in the real world. Unfortunately, many actors still choose to wait until something bad happens rather than take the necessary steps to prevent it from happening in the first place.»

Mistakes: a learning opportunity or a black mark?
«In the aerospace industry, it has long been standard practice to share information about mistakes so everyone can learn from them.» However, most industries are far from embracing this practice unconditionally. For example, it’s hard to imagine the automotive industry openly discussing their mistakes the way they do at Boeing. And yet, car makers are slowly changing their attitude towards mistakes. Jens Henkner feels certain that standards will play a key role here as well. He elaborates as follows: «Standards are just experience laid down in writing. As an engineer, I don’t see the point in reinventing the wheel.» CertX also believes in this approach. That is why in their day-to-day work with their customers, they see themselves as an expert partner rather than a stodgy inspection authority. «We are the co-pilot. We read the checklist and ask the right questions so that the customers can easily find the right solutions for themselves.»

Do I drive my car or does it drive me?
Traditional combustion engines are no longer the only mode of transport dominating our streets. The number of electric cars is steadily increasing. Phrases like «autonomous driving» are heating up the discussion about safe driving. If we believe the visionaries, street traffic will undergo a fundamental change in the coming years. It’s a fact that the automotive industry today is facing entirely different challenges compared to a just few years ago. Building mechanical and electric cars are two completely different disciplines. For example, when cars no longer have a clutch (the manual control that interrupts propulsion), manufacturers are faced with new tests that require functional, secure control systems. New puzzle pieces like charging stations or more powerful batteries are now also appearing on the radar. Today, the main issue facing electric cars is batteries catching fire, not problems with driver assistance systems. «Even in this kind of innovative environment, standards help by serving as examples of best practices and as a recipe book during development,» says Jens Henkner. «Raising awareness amongst employees and proper training are the keys to success. That is why we are proud that, before COVID-19, we trained more automotive employees in the area of standardization than anyone else in the world.»

What does Jens Henkner think about autonomous driving? He sees a great deal of potential when it comes to highway driving; however, given the complexity of inner-city driving, he finds it hard to imagine autonomous driving in that scenario any time soon. CertX believes in the multimodal transport of the future, and is therefore involved in the School Of Management Fribourg’s SwissMoves research project, where they contribute their knowledge of certifications in the areas of functional safety and cybersecurity.

And what about artificial intelligence?
Today, many applications use artificial intelligence, in particular for image recognition in various aspects of automation. The difficulty lies in the fact that after development, these neural networks effectively become a black box, making them difficult to monitor. For this reason, it is even more important to pursue a process-oriented approach and the corresponding certifications. If errors occur while someone is driving, for example, they are always attributed to individual drivers as failures and not seen as systematic errors. Artificial intelligence now needs to prove that it is safer than humans, that it does not exceed current human error rates, and that it is free of systematic errors. Real-world proof requires an immense amount of testing, which is prohibitively expensive in today’s development cycles. In addition, there are still almost no official standards in this area. «It’s no longer about evaluating the final results, but rather about optimally regulating the development process in order to achieve an equivalent level of safety.» Factors such as the dual-control principle, seamless documentation, a clean data basis, digitalized tests, etc., all play an important role in determining the safety of neural networks. «The biggest challenge is to pack agile systems into formalized standards. In the field of standardization work, there are sources of friction between everyone involved that I find to be extremely helpful because, at the end of the day, they lead to good results,» emphasizes Jens Henkner.

Certification bodies: spoilsports or partners?
CertX’s answer to this question is unequivocal. As the first Swiss certification body for functional safety and cybersecurity, they clearly see themselves as a partner. «Our knowledge of standards and standardization helps our customers adapt their processes from day one in order to achieve the greatest possible success, prevent errors during development, and therefore save time and money. At the same time, we also bring our practical knowledge to our standardization work with the SNV, which creates a loop, making standards more pragmatic and designing the development process to be more effective. Don’t be afraid of standards; you can take advantage of all of the knowledge collected in our guidelines and in our minds.»

CertX
CertX was founded in 2018. It is the first Swiss certification body for functional safety and cybersecurity and is accredited by the Swiss Accreditation Service (SAS). CertX’s five employees attach great importance to a high degree of impartiality, objectivity and trustworthiness. In addition to the application of existing standards, CertX also plays a role in designing future standards. For example, they are the Swiss delegates for ISO 21448 (SOTIF – Safety of the intended functionality for autonomous vehicles) and a member of the technical committee TC65 «Industrial process measurement, control and automation» for IEC 61508 and IEC 62443. CertX is integrated into a strong and innovative partner network.

Dr Jens Henkner
Jens Henkner studied Aerospace Technology at the Technical University of Munich and completed his doctoral thesis in the Department of Flight Mechanics in 1999. He started his career at Fairchild Dornier as the Head of the Development Team for the flight physics of the Dornier 728. As Chief Engineer, he was entirely responsible for the development of the 70-seat regional airliner. In 2003, he came to Airbus where shortly thereafter, he was named VP and Chief Engineer of the German share of the A330/340 programme, including responsibility for the safety of the active fleet. Another professional milestone was his work at Suzlon, an Indian OEM for wind turbines, where he served as the Managing Director of Suzlon Energy GmbH in Germany and, as the Head of Technology, led development teams in India, Germany, the Netherlands and Denmark. In 2018, he helped establish CertX as CEO. Jens Henkner is 55 years old and lives with his wife and son in Freiburg, Germany. He enjoys spending his free time in the mountains.

Find out more
CertX
CertX blog categories automotive industry | cybersecurity | drones | machinery |railways
SwissMoves