Florian Wahl is Pilz’s Product and Technology Manager.
What is your role at Pilz?
As Product and Technology Manager at Pilz, one of my tasks is to identify new technologies at an early stage and assess their potential for the company. Stimulus comes from areas with direct market access/customer contact, but suggestions from other departments are also incorporated. The aim is to develop research projects or product ideas from these trends. One aspect that’s increasingly important is the consideration of regulatory requirements – in particular the Cyber Resilience Act (CRA).
What influence does the Cyber Resilience Act (CRA) have on your work?
The CRA does not affect all our products to the same extent. Many of our classic safety relays, such as the PNOZ X for example, are not affected by it at all – our customers can continue to use them as usual. On the other hand, more complex systems such as the safe configurable small controller PNOZmulti or the automation system PSS 4000 require more intensive testing and modification to ensure they are CRA-compliant. One important initial task is to realistically estimate the effort required for all products. I see myself as a mediator between product management and the teams that ultimately handle the technical implementation.
How is Pilz dealing with the new requirements?
Our aim is clear: we want to keep our products on the market and make them CRA-compliant. We are responding to the new requirements with a structured and forward-looking security management approach, for example. For existing products we conduct a gap analysis to identify requirements from the CRA and implement them accordingly.
On the organisational side, we are working on making the Product Security Incident Response Team (PSIRT) ready for the reporting requirements that are now being added to the existing vulnerability management process. Vulnerabilities are being assessed and the team provides customers with recommended actions in the form of Security Advisories to help resolve the identified vulnerabilities.
Reporting a vulnerability to the PSIRT team: www.pilz.com/psirt
If you have any security issues with Pilz products, solutions and online services, please contact: security@pilz.com.
The report should contain the following information:
- Item number of the affected product
- Device and firmware (if available)
- Exploit or further data that will help us reproduce the problem, if applicable
- A note as to whether the vulnerability has already been published (by you or someone else)
What advice do you give customers when dealing with new regulations such as the CRA?
If there is an opportunity to get involved in associations such as the VDMA or ZVEI, then we really recommend it. These networks thrive on the active participation of their members. You can engage in intensive dialogue with market competitors and customers. Such networks are essential, particularly in times of increasing regulatory complexity. They allow you to identify changes at an early stage and play an active part in the design process. It is important to stay on the ball and obtain information as close to the source as possible – that is how we do it at Pilz.