Topics 7 November 2024

Enhancing Cyber Resilience

Given the increasing damage from cyberattacks and new EU regulations such as the Cyber Resilience Act (CRA), comprehensive cybersecurity is a business must-have. Dr. Christopher Tebbe, Security Expert at WAGO, and Kilian Fröhlich, Manager in OT Security Consulting, explain how WAGO meets these challenges.


The EU has recently introduced new directives to strengthen cybersecurity, such as the Cyber Resilience Act (CRA) and the NIS 2 Directive. What specific duties apply to automation engineers?

Dr. Tebbe: Automators face the challenge of meeting both the CRA and the NIS 2 directive. The CRA aims to protect networked products from unauthorized access and manipulation throughout their life cycle. An important component is the timely provision of security updates. The NIS-2 directive expands the rules of the existing NIS-1, requiring companies, depending on their category and industry, to effectively manage the risks associated with their digital infrastructure and services. Similar to the CRA, significant cyber incidents must also be reported to national authorities. This means that, as manufacturers and system integrators, we must thoroughly check our infrastructure, products and systems for security vulnerabilities and implement appropriate security measures. This process is often associated with lengthy development times. We also need to ensure that our suppliers meet these high standards, which requires close cooperation and regular audits.

The security concept per IEC 62443 from WAGO includes secure networks, information protection, user authentication and vulnerability management.

There are strong interactions between the CRA and the NIS-2 Directive, as they affect both end-user products and industrial components in critical infrastructure.

How does WAGO implement the new requirements? What role does the international IEC 62443 series of standards play in cybersecurity in industrial automation?

Dr. Tebbe: WAGO has long operated an Information Security Management System (ISMS) based on the international standard ISO 27001 and is thus well prepared for the requirements of the NIS 2 directive. For product development, we have established an integrated security concept based on the international IEC 62443 series of standards and certified it. This standard is crucial for cybersecurity in industrial automation and control systems; it includes basic risk prevention measures, such as using trust zones, defense-in-depth approaches, least-privilege principles, and vulnerability management. These measures help us meet the security requirements of the new EU directives and optimally protect our products throughout their life cycle.

In the future, products covered by the CRA will no longer receive a CE mark if they do not meet the legal requirements. Which product classes are affected?

Dr. Tebbe: The CRA is a horizontal regulation and applies to any class of products with an integrated digital component. There are only a few exceptions, such as medical technology or motor vehicles, which are specifically regulated. As a result, household appliances, smartphones and toys are covered by the CRA, as are industrial controllers and software applications. All of these products must comply with the CRA in order to obtain a CE mark and be allowed on the European market. Particularly important or critical components must always be checked for conformity by an accredited testing agency. However, according to EU planning, this should only apply to a limited number of products that usually implement or support security functions. For all other products, self-assessment is sufficient, based on a harmonized standard. One candidate for such a harmonized standard is the aforementioned IEC 62443. The procedure, according to IEC 62443-4-1 and -4-2, addresses the obligations from the CRA over the entire product lifecycle and includes the principles of secure-by-design, secure-by-implementation and secure-by-default. Only after passing the test can the CE mark be affixed and the declaration of conformity within the framework of the EU directives be issued.

"Our certified security concept for product development is based on the IEC 62443 series of standards." Dr. Christopher Tebbe | Expert at WAGO

How important is the PSIRT at WAGO with regard to holistic cybersecurity?

Dr. Tebbe: Vulnerability management has been firmly anchored in our company for many years. Our Product Security Incident Response Team (PSIRT) serves as a central contact point for vulnerability reports regarding our products and solutions. The goal is to help our customers protect their applications and processes as effectively as possible. The team evaluates potential vulnerabilities, consults with relevant stakeholders such as the Development Department and Product Management, and initiates necessary measures, such as recommendations for action, updates or patches. One example of our work is eliminating a vulnerability we addressed with Intilion for switches used in battery storage. Thanks to the structured processes of the PSIRT, we rapidly eliminated the potential attack area. Our team is constantly working to expand these processes to all new and existing products.

How do customers learn if there is a potential risk and in which products?

Dr. Tebbe: We don't work alone in coordinating and publishing information. We are supported by our coordination partner, CERT@VDE, which is part of the German Electrical Engineers Association. CERT@VDE provides information about bug fixes and security vulnerabilities through advisories and also offers an RSS feed. To strengthen information security, which is a critical success factor for Industry 4.0 and digitalization, VDE has established an IT security platform. This platform serves as a central point of contact for customers, consolidating security vulnerabilities from different companies and offering specific solutions.