Ever since the publication of the new EU Machinery Regulation, it is clear: Security is now a legal requirement! But how are companies around the world dealing with this? Our security experts from Germany, Italy and Austria explain.
Security is now a topic in industry: “In almost every company, the topic of Industrial Security is of great interest.” This is the observation of Andreas Willert, Head of Industrial Security at Pilz Austria. Pilz Austria began to raise awareness in industry several years ago with informational events, free webinars and podcasts. “Continuous information and training as well as the creation of awareness are the key to enforcing the topic of Industrial Security,” agrees Alessio Ragni, Security expert at Pilz in Italy.
“Companies want to know the precise and individual obligations that they will be facing!”
Andreas Willert, Head of Industrial Security
Andreas Willert sees clear differences between individual industries and sectors: “Large companies are well aware of the need for action; they are informed, have in-depth expertise and have progressed far in their preparatory stage. Most of the small and medium-sized enterprises are aware that something ‘major’ is headed their way, but they do not have the know-how and thus many questions remain unanswered.”
A need for action resulting from laws
At Pilz in Ostfildern, Bernd Eisenhuth, Senior Consultant Business Areas, is a member of the Industrial Security Team. He is witnessing great uncertainty about what is to be done now and – relating to this – what this may mean in terms of work and costs.
“It is less the real fear of cyber criminals, which is truly present, though felt to be abstract, that induces a company to concretely grapple with the topic of Security,” explains Bernd Eisenhuth. Instead, the new or coming legal requirements of the Machinery Regulation, NIS 2 and Cyber Resilience Act are the impetus for many companies.
“There is a growing awareness for the importance of cyber security together with OT!”
Alessio Ragni, Consulting Manager Pilz Italy
“Companies want to know the precise and individual obligations that they will be facing and what they have to do or change in order to meet these obligations,” clarifies Willert. In Italy, customers and interested parties approach Pilz with very specific questions in many cases. Alessio Ragni gives some examples of these types of questions: “What do we have to do to maintain operation even in the event of a cyber attack?” Or “How do we monitor and detect anomalous behaviour that can affect the safety in our industrial processes?” “These questions make it clear that there is a growing awareness for the importance of cyber security together with OT,” according to Ragni.
One goal, many tasks
Ultimately, the goal is always being able to maintain business operations, but the path to this goal is riddled with a variety of challenges that companies must face: This ranges from the identification of the valid legal requirements and the detection and rectification of weak points in systems, to raising awareness of and training employees, and to subsequent enforcement of controls. Because Security is a goal that is constantly changing, a regular check of the Industrial Security status of machinery is also necessary.
“We are providing ever more support for customers in concrete projects that range from protection requirements analysis to creation of a security concept to assistance during implementation.”
Bernd Eisenhuth, Senior Consultant Business Areas
Demand for support growing
Pilz has prepared itself for the customers’ requirements and developed a range of services for machine builders and users around the world that holistically incorporates all aspects for the protection of human and machine.
Industrial Security in 4 steps: With the Industrial Security Consulting Service (ISCS), Pilz supports machine builders and operators.
The offer is very popular: “In addition to basic information and guidance as well as training courses, with our ISCS (Industrial Security Consulting Service) we are providing ever more support for customers in concrete projects that range from protection requirements analysis and risk analysis to the creation of a security concept to assistance during implementation and subsequent verification,” specifies Bernd Eisenhuth.