The increasing digitalization of production offers machine builders new business models and revenue opportunities by leveraging machine data. This can occur on-premises, in the cloud, or in a hybrid model, but in all cases, a digital component is essential. The EU’s NIS2 Directive and the Cyber Resilience Act (CRA) cover cybersecurity in digital systems and along the supply chain. Machine builders now need to focus on the implementation of the requirements for individual (legacy) machine applications.
In an article for A&D/industr.com, Marián Hönsch, Director Product Management Industrial IoT at TTTech Industrial, discusses options for simple and efficient implementation of these standards. He covers:
Importance of IEC 62443 standards
The CRA covers various industries but aligns closely with the IEC 62443 standards for secure networked products. IEC 62443 is therefore a good basis for meeting the CRA requirements. By using an edge computing platform like Nerve from TTTech Industrial that fulfills IEC 62443-4-2, machine builders can cover about 80 to 90 percent of topics related to IEC 62443 compliance.
Secure use of machine-specific software
The remaining 10 to 20 percent of topics are related to the applications that machine builders integrate in the edge computing platform – third-party applications or their own software solutions. This machine-specific software (in most cases Docker applications) needs to comply with IEC 62443-4-2. By using security mechanisms inherent in the edge computing platform, machine builders can save time and effort in this step.
Cybersecurity features relevant for CRA compliance
The most relevant features that an IEC 62443-compliant edge computing platform should cover are:
- Audit logging
- Access authentification and data encryption
- Checking of software integrity by third parties
- Management of users and access rights
Use of a cybersecurity-certified edge computing platform reduces CRA compliance efforts
An edge computing platform certified according to IEC 62443-4-2 and offering the above-mentioned mechanisms, provides a reliable and efficient “security toolbox” that supports machine builders in complying with CRA.
Nerve from TTTech Industrial was developed in compliance with IEC 62443 and offers open, modular edge computing for IIoT, with a central management system. All Nerve software components are currently being certified according to IEC 62443-4-2.
