Topics 7 November 2024

Enhancing Cyber Resilience

Given the increasing damage from cyberattacks and new EU regulations such as the Cyber Resilience Act (CRA), comprehensive cybersecurity is a business must-have. Dr. Christopher Tebbe, Security Expert at WAGO, and Kilian Fröhlich, Manager in OT Security Consulting, explain how WAGO meets these challenges.


The EU has recently introduced new directives to strengthen cybersecurity, such as the Cyber Resilience Act (CRA) and the NIS 2 Directive. What specific duties apply to automation engineers?

Dr. Tebbe: Automators face the challenge of meeting both the CRA and the NIS 2 directive. The CRA aims to protect networked products from unauthorized access and manipulation throughout their life cycle. An important component is the timely provision of security updates. The NIS-2 directive expands the rules of the existing NIS-1, requiring companies, depending on their category and industry, to effectively manage the risks associated with their digital infrastructure and services. Similar to the CRA, significant cyber incidents must also be reported to national authorities. This means that, as manufacturers and system integrators, we must thoroughly check our infrastructure, products and systems for security vulnerabilities and implement appropriate security measures. This process is often associated with lengthy development times. We also need to ensure that our suppliers meet these high standards, which requires close cooperation and regular audits.

The security concept per IEC 62443 from WAGO includes secure networks, information protection, user authentication and vulnerability management.

There are strong interactions between the CRA and the NIS-2 Directive, as they affect both end-user products and industrial components in critical infrastructure.

How does WAGO implement the new requirements? What role does the international IEC 62443 series of standards play in cybersecurity in industrial automation?

Dr. Tebbe: WAGO has long operated an Information Security Management System (ISMS) based on the international standard ISO 27001 and is thus well prepared for the requirements of the NIS 2 directive. For product development, we have established an integrated security concept based on the international IEC 62443 series of standards and certified it. This standard is crucial for cybersecurity in industrial automation and control systems; it includes basic risk prevention measures, such as using trust zones, defense-in-depth approaches, least-privilege principles, and vulnerability management. These measures help us meet the security requirements of the new EU directives and optimally protect our products throughout their life cycle.