Cybersecurity in automation
Industrial automation is becoming smarter – and thus more vulnerable to cyberattacks. Comprehensive security is therefore essential in automation. ctrlX OS sets the highest security standards to ensure secure and reliable manufacturing.
Security for industrial automation is a priority
Modern automation systems consist of a multitude of interconnected components. Unprotected interfaces, missing updates, or insecure passwords are just a few of the entry points. The damages caused by cyberattacks in the industry amount to billions. Comprehensive security is therefore a necessity.
To counter the growing cyber threats, governments worldwide are increasingly relying on stricter security regulations. Companies must address these requirements early to operate in compliance with the law and effectively secure their systems.
The Linux-based operating system ctrlX OS places special emphasis on cybersecurity. This allows companies to continuously ensure secure and reliable manufacturing.
Cyber Resilience Act demands security for connected products
One of the latest EU regulations is the Cyber Resilience Act (CRA). It was officially published at the end of 2024 and aims to strengthen the cybersecurity of connected products. The CRA affects all products with digital components that communicate with each other and obliges manufacturers to ensure a high level of security from the outset.
The CRA sets requirements for the cybersecurity of products with digital elements and the procedures established by manufacturers to address vulnerabilities to ensure cybersecurity during the product support period. In addition to a detailed risk assessment, cyber risks must be considered during product development. Products must be designed to be secure and updatable by default. The CRA also mandates that critical security incidents and exploited vulnerabilities be reported within 24 hours and promptly addressed through updates.
Full implementation of the CRA is required by the end of 2027. This poses significant challenges for machine manufacturers and suppliers. Making existing products CRA-compliant can be very costly and sometimes even impossible. Non-compliance can result in large fines of up to 15 million euros or 2.5% of the total annual worldwide turnover. A non-CRA-compliant product that poses a significant cybersecurity risk can be removed from the market or its provision restricted. Even formal violations such as missing CE markings or incomplete technical documentation can result in sanctions.
The CRA makes cybersecurity mandatory – machine manufacturers must consider security measures from the outset!
Maintaining CRA compliance – What does it mean?
-
Risk assessment at the product level
-
Consider cyber risks during development
-
Products must be secure by default
-
Address vulnerabilities promptly through updates
-
Plan for updatability during the development process
-
Establish a Software Update Management System (SUMS)
"The Cyber Resilience Act sets mandatory cybersecurity requirements for both manufacturers and distributors throughout the entire product lifecycle – for all products that are connected to another device or network. With ctrlX OS, we are already well-prepared for the CRA requirements."
Steffen Winkler, CSO Business Unit Automation at Bosch Rexroth
ctrlX OS – secure from the ground up, certified, and CRA ready
Cybersecurity has been a focus from the beginning of the development of the ctrlX OS operating system. Therefore, ctrlX OS is well-prepared for the CRA requirements. The Linux-based operating system is secure from the ground up. It is designed to be "Secure by Design" and "Secure by Default" and is certified to IEC 62443-4-2 Security Level 2 by TÜV Rheinland.
- Secure by Design & Secure by Default
- Protects data that is stored, transmitted, or otherwise processed
- Provides a platform for the distribution and application of security patches without delay and side effects
- Is robust and resilient
Well-prepared – with apps from the ctrlX OS Store
Additional security applications from the ctrlX OS Store ensure maximum security:
Firewall-App
The Firewall app protects devices from unauthorized access. By selectively filtering incoming and outgoing data streams, unwanted connections are blocked, and security policies are enforced.
VPN-Client
The VPN Client ensures secure remote maintenance and protected access to devices from external networks. Access can be restricted based on machine status and on-site approval.
Security Scanner
As part of machine acceptance tests at the network level, the Security Scanner enables the complete inventory of all components and the assessment of the security status of the entire machine park. Potential attack surfaces can thus be identified and addressed specifically.
