Sponsored Content

Securing the Long Haul: Why Diagnostics and Cybersecurity Must Merge in the Off-Highway Sector

The off-highway sector is reaching a critical tipping point. As excavators, haul trucks and wheel loaders transition into highly complex, software-defined machines, the traditional model of mechanical service is fast becoming obsolete. Today, keeping these heavy-duty assets operational requires managing a complex web of embedded software, cloud connectivity, and remote updates.

To unpack this shift, “Global Mining Report” spoke with Dr. Claudio Seitz, Portfolio Manager for Security, Information, and Diagnostics at ETAS. His message is clear: OEMs and Tier suppliers can no longer treat diagnostics and cybersecurity as separate disciplines. To secure uptime, maintain market access, and protect intellectual property, they must treat them as a single, unified, lifecycle-spanning capability.

The Shift from Wrenches to Code

Traditionally, diagnostics was a reactive, workshop-based activity focused on replacing physical parts. In software-defined machines, however, root causes frequently lie in the complex interactions between software, electronic architectures, and remote backend systems.

“Diagnostics is becoming a strategic uptime and compliance function rather than a purely workshop-based repair activity,” Seitz explains.

By leveraging cloud-based diagnostics and secure Over-the-Air (OTA) updates, field service is becoming highly proactive. OEMs can assess machine health remotely, prioritize root causes, and deploy patches directly in the field. Under upcoming frameworks like the EU’s Cyber Resilience Act (CRA), secure OTA and remote logging are no longer optional digital perks—they are mandatory lifelines for maintaining compliance throughout a machine’s lifecycle.

Navigating the Unique Off-Highway Threat Landscape

A primary differentiator between passenger cars and off-highway machines lies in their threat profiles. While automotive cybersecurity focuses heavily on passenger safety, off-highway risk assessments must elevate operational uptime, theft prevention, and severe financial liabilities to the same critical level.

Because off-highway machines operate in remote, physically insecure locations, perimeter security is insufficient. Seitz advocates for a shift to a Zero Trust architecture. This approach assumes the physical perimeter is compromised and relies on:

  • Cryptographic identity management for all connected components.
  • Strong, role-based authentication for every diagnostic and functional interface.
  • Active monitoring through a continuous Cybersecurity Management System (CSMS) to detect field anomalies in real time.

The CRA Countdown and the “Old Metal” Challenge

With CRA compliance deadlines fast approaching in September 2026 and December 2027, cybersecurity is now a market-access issue in the EU. For new machines, security must be built-in by design. However, off-highway fleets are notoriously long-lived, with “old metal” remaining in service for 15 to 20 years.

Seitz recommends a pragmatic, two-pronged roadmap:

  1. For Legacy Fleets: Protect installed equipment using gateways, network segmentation, and hardened access paths rather than attempting full, cost-prohibitive architectural redesigns.
  2. For New Fleets: Build immediate operational capabilities—such as Product Security Incident Response Teams (PSIRTs) and Software Bill of Materials (SBOM) tracking—using interim frameworks like IEC 62443 and ISO 24882.

Balancing Right to Repair with IP Security

The global push for Right to Repair often puts OEMs in a tough spot: how do you grant diagnostic access to independent technicians without exposing sensitive IP or safety-critical functions?

Seitz proposes controlled openness. By utilizing a standardized Secure Diagnostic Access (SDA) framework based on cryptographic tokens and Role-Based Access Control (RBAC), OEMs can securely grant independent repair providers the exact data and calibration tools they legitimately need. This protects core intellectual property while opening new revenue streams by monetizing the specialized tools and services independent shops require.

Key Takeaway: Compliance as a Competitive Edge

Ultimately, the infrastructure required to meet regulatory demands—such as SBOMs, secure update channels, and fleet monitoring—doubles as the foundation for advanced, data-driven services. By merging diagnostics and cybersecurity, OEMs can lower long-term maintenance costs, reduce engineering complexity, and significantly reduce unplanned downtime. In a high-stakes sector where downtime is measured in lost revenue, a secure, resilient machine is the ultimate competitive differentiator.

Combining expert knowledge with intelligent tooling  

By combining expert knowledge with intelligent tooling, ETAS enables organizations to streamline compliance efforts, improve operational efficiency, and strengthen product robustness.

If you are interested in more information on ETAS’ diagnostics and cybersecurity offering for off-highway vehicles, visit etas.com/ConfidenceForToughConditions.

Related posts

abaut GmbH closes €3.2 million funding round to drive global expansion of its AI operating system for civil engineering and surface mining operations

Wayne

Alamos Gold reports record production, project expansions

Wayne

Fast2Mine: International expansion and accelerated growth

Wayne