In May this year, the European Parliament formally adopted a new machinery regulation, which significantly updates the existing Machinery Directive 2006/42/EC. New information security requirements have been added to machine security. Let’s take a look at the importance of information security for machine security.
Our commonly used safety sensors (such as emergency stop, safety door, grating), safety controllers (such as safety relays, safety PLCS) and safety actuators (such as contactors, safety servos, safety valves) are used to achieve functional safety, that is, “to prevent the machine from causing injury to the person.” The purpose of information security is to prevent unauthorized access and manipulation of machines and data, that is, “to prevent the machine itself from being compromised.” Imagine that if an unauthorized person can access and modify the security control system program on the machine, the original security control system may no longer be secure. Therefore, functional security and information security can work together to ensure the fundamental safety of the machine.
The main international standards used in network information security are ISO 27k series standards and IEC 62443 series standards. The former puts forward safety requirements for organization and management, while the latter puts forward relevant safety requirements for applications and products. Combined with these standards, Pielmagneto can provide customers with a full range of services throughout the life cycle of industrial information security, including information security risk assessment, information security concept and information security confirmation. Information security risk assessment first identifies all the assets on the machine network and analyzes the data flow, applies the major threats (such as information exposure, information tampering, denial of service, etc.) to the assets, and analyzes what potential problems may occur on the network. Combining the impact of the event and its probability of occurrence, the probability of the actual occurrence of the risk is obtained. The information security concept will consider more threats, vulnerabilities, and detailed attack areas, resulting in detailed risk reports that inform customers how to reduce or eliminate cyber threats. Finally, information security verification performs system functional testing, process reviews, and configuration checks. It is used to verify that information security measures are correctly implemented