Comprehensive service for Industrial Security

Increased cyber attacks, secu­rity require­ments in the new Machinery Reg­u­la­tion and manip­u­la­tion pro­tec­tion – pres­sure is growing on industry to deal with Indus­trial Secu­rity. But where to start? And how to imple­ment it? In Ger­many, Pilz is launching the Indus­trial Secu­rity Con­sulting Ser­vice.

With digi­ti­sa­tion and net­working, the risk of machinery being affected by secu­rity inci­dents increases. They are not always tar­geted attacks from out­side; internal manip­u­la­tion can also damage machinery. Leg­is­la­tors have recog­nised the impor­tance of secu­rity. This is reflected in the new Machinery Reg­u­la­tion, for example: In order to import machinery into Europe, machine builders have always had to undergo the con­for­mity assess­ment pro­ce­dure, ending with the CE mark. In accor­dance with the new reg­u­la­tion, machine builders must prove that their machines are not only func­tion­ally safe, but are also pro­tected against manip­u­la­tion. This means: secu­rity is a legal require­ment in future!

New legal requirements for security

The stan­dards and laws for machinery safety in an indus­trial envi­ron­ment are cur­rently facing upheaval. This is being driven by the issues of Secu­rity and Arti­fi­cial Intel­li­gence (AI). For industry in gen­eral and mechan­ical engi­neering in par­tic­ular, there are three new or upcoming legal require­ments for secu­rity that are rel­e­vant: the EU Direc­tive NIS 2, the new Machinery Reg­u­la­tion and the Cyber Resilience Act.

EU Directive NIS 2

In com­par­ison with the pre­vious direc­tive, NIS 2 affects more com­pa­nies, extends the oblig­a­tions and pro­vides for stricter sanc­tions. Com­pa­nies that fail to take mea­sures are threat­ened with severe penal­ties.

Cyber Resilience Act

The Cyber Resilience Act is directed toward man­u­fac­turers of prod­ucts with dig­ital ele­ments. They should only be allowed to place prod­ucts on the market that guar­antee an appro­priate level of cyber­se­cu­rity. The reg­u­la­tion is due to be adopted at the end of 2024.

EU Machinery Regulation

From Jan­uary 2027, the Machinery Reg­u­la­tion will replace the existing Machinery Direc­tive and, in con­trast to its pre­de­cessor, makes cyber­se­cu­rity manda­tory. The secu­rity pro­tec­tion goal has been included in the reg­u­la­tion, in the “Essen­tial health and safety require­ments EHSR”, under “Pro­tec­tion against cor­rup­tion”.

On the other hand, secu­rity is uncharted ter­ri­tory for many com­pa­nies: there is a knowl­edge gap, so there are no strate­gies; respon­si­bil­i­ties are often not defined. So what to do?

“The new Machinery Reg­u­la­tion is a good oppor­tu­nity for machine builders and oper­a­tors to deal with Indus­trial Secu­rity”, explains Bernd Eisen­huth, Senior Con­sul­tant Busi­ness Areas at Pilz. For this is the first time a spe­cific require­ment will be set, and a frame­work spec­i­fied.

Because machinery in future no longer needs to be just Safe, but also Secure, Eisen­huth and his team will offer a ser­vice to advise and sup­port com­pa­nies on Indus­trial Secu­rity. This will be avail­able ini­tially in Ger­many, but will be offered world­wide from next year.

Proven methodology from machinery safety

Pilz has devel­oped the Indus­trial Secu­rity Con­sulting Ser­vice, building on the proven method­ology for machinery safety ser­vices and based on the secu­rity stan­dard series IEC 62443. Once com­pa­nies have used this ser­vice, they will be well equipped in terms of Indus­trial Secu­rity, and will meet the cur­rent legal require­ments.

Bernd Eisen­huth, Senior Con­sul­tant Busi­ness Areas at Pilz, explains why it is now impor­tant to deal with Indus­trial Secu­rity on the machine.

Modular service for the protection of human and machine

Ini­tially, the ser­vice package will con­sist of the fol­lowing mod­ules: Pro­tec­tion Require­ments Analysis, Indus­trial Secu­rity Risk Assess­ment, Indus­trial Secu­rity Con­cept and Indus­trial Secu­rity System Ver­i­fi­ca­tion.

The Protection Requirements Analysis is the first step towards Industrial Security. It is used to identify the applicable standards and regulations, define the scope of the plant or machine to be protected and determine the system’s protection goals. Bernd Eisenhuth explains what customers can expect in this first step:

Bernd Eisen­huth explains the pro­ce­dure for the Pro­tec­tion Require­ments Analysis pro­vided by the Secu­rity Con­sulting Ser­vice from Pilz.

As with machinery safety, this is fol­lowed by a Risk Assess­ment. Here it is a case of iden­ti­fying all the risks for each sub­sec­tion over the system’s com­plete life­cycle. Vul­ner­a­bil­i­ties and poten­tial haz­ards are doc­u­mented. Pilz experts dis­cuss the result and poten­tial solu­tions with the cus­tomer:

Only when the degree of harm (Pro­tec­tion Require­ments Analysis) and risk char­ac­ter­istic are known is it pos­sible to define the appro­priate coun­ter­mea­sures. Bernd Eisen­huth clar­i­fies the depen­den­cies.

In step 3, experts from Pilz create an Indus­trial Secu­rity Con­cept. This describes poten­tial strate­gies for repelling or mit­i­gating haz­ards. Specif­i­cally, work­flows for coun­ter­mea­sures are devel­oped, and a check looks at which indi­vidual mea­sures make sense – from user authen­ti­ca­tion and phys­ical pro­tec­tive mea­sures to backing up and restoring data. In addi­tion, poli­cies, rules and guide­lines are cre­ated for the con­tinued “safe” oper­a­tion of the system over the whole life­cycle:

The Indus­trial Secu­rity Con­cept is con­cerned with strate­gies and coun­ter­mea­sures. Bernd Eisen­huth explains the details in the video.

The fourth and final step is the Indus­trial Secu­rity System Ver­i­fi­ca­tion. This checks the effec­tive­ness of the imple­mented coun­ter­mea­sures. The results, including any poten­tial dis­crep­an­cies, are recorded in a test report. The cus­tomer can rest assured that the con­cepts and mea­sures also work in prac­tice.

The fourth and final step of the Secu­rity Con­sulting Ser­vice is the Ver­i­fi­ca­tion. Bernd Eisen­huth tells us what this entails.

The Indus­trial Secu­rity Con­sulting Ser­vice from Pilz expands the pre­vious safety-related inspec­tion of machines that focused on func­tional safety, to create a holistic approach to Safety and Secu­rity. Machine builders and users receive a ser­vice package from Pilz, which takes into account all aspects for the pro­tec­tion of human and machine.

Industrial Security Consulting Service

Pilz is expanding its ser­vice port­folio in the Indus­trial Secu­rity sector and thereby sup­ple­menting the training courses offered in this field. The “Indus­trial Secu­rity Con­sulting Ser­vice” will start in the autumn, ini­tially in Ger­many. If you are inter­ested, fur­ther infor­ma­tion is avail­able at

Specif­i­cally, users ensure the avail­ability and integrity of their machinery and system, so that the integrity of the machine, processes, and ulti­mately the end product, is guar­an­teed.

How­ever, Bernd Eisen­huth has another, quite per­sonal, moti­va­tion: “Our greatest incen­tive is always the pro­tec­tion of humans, because without Indus­trial Secu­rity, func­tional safety mea­sures can be defeated. Nobody should be injured by automa­tion.”
