The progressive digitalisation and networking of machines and systems has lead to an increasing fusion of safety and security as cybercrime becomes one of the biggest business risks facing companies today.
A significant number of companies have already experienced cyberattacks resulting in production downtime, with “Triton” being the first notable case that has breached security-related mechanisms in an automation system through a cyberattack.
Regulatory developments in the European Union are currently being pursued to address this issue, including the Machinery Regulation (MVO), the Cyber Resilience Act, and NIS2. The Machinery Regulation, which will be applied from 20 January 2027, specifies EU-wide protection objectives for the design and construction of machinery. It considers new risks and adapts the security specifications to the current state of technological progress. The Cyber Resilience Act protects consumers and companies that purchase or use digital products and software. As part of this, binding cybersecurity standards have been defined for manufacturers and distributors, and a CE marking has been specified for cybersecure products made available in the European Economic Area.
In this context, it is crucial to recognise that safety and security can no longer be considered in isolation. They are complementary aspects of machine and system security. The security of machines and systems depends both on physical protective measures (safety) and on measures to prevent cyber threats (security). A holistic approach that considers both aspects and utilises synergies is promoted by the new Machinery Regulation and the Cyber Resilience Act. This document describes such a holistic approach in broad terms and is intended to serve as an initial orientation.
Additionally, a record of data traffic for Ethernet connections should be provided for subnetworks at the control level of machines and production lines. Ethernet devices should also undergo a vulnerability test. This includes replacing the manufacturer’s default passwords. Network segmentation between machines is also recommended to restrict unauthorised access as much as possible.
The primary approach to overcoming threat potentials lies in the detection and prevention of unauthorised access from outside the “manufacturing zone” so that no safety-critical changes can be made. Furthermore, network segmentation should prevent unauthorised access from machine 1 to machine 2 (and vice versa).
This sponsored editorial is brought to you by Phoenix Contact. Learn more at Safety Meets Security.
