Beckhoff Meets Growing Security Requirements Driven by Cyber Resilience Act and Machinery Regulation

The regulatory requirements in industrial manufacturing are undergoing a fundamental shift as the Cyber Resilience Act (EU) 2024/2847 and the revised Machinery Regulation (EU) 2023/1230 have come into force. In the future, cybersecurity will require continuous interplay between technology and processes. Anticipating this need early on, Beckhoff has been operating its own Product Security Incident Response Team (PSIRT) over the last 10 years for professional vulnerability management and has made detailed security guidelines regularly available. As a co-founder of the industry-specific CERT@VDE, Beckhoff is also actively involved in sharing vulnerability information across manufacturers.

Boost cybersecurity with PC-based control and EtherCAT

Beckhoff is actively driving standard development to bring automation technology in line with the new EU regulations. Since the international IEC 62443 series of standards alone does not currently provide a sufficient basis for the CRA, Beckhoff is helping advance the development of the European version, EN IEC 62443, within CEN-CENELEC. The aim is to achieve practical standardization that guarantees effective security.

From a technological standpoint, PC-based control and EtherCAT provide a secure foundation with many key cybersecurity features built-in. By centralizing system communication through the industrial PC, the native security capabilities of the operating systems in use – such as Windows or Linux® – can be fully applied to the PLC runtime, including integrated firewalls.

Furthermore, the system architecture benefits significantly from communication via EtherCAT. Even more than 20 years after its introduction, the protocol remains consistently geared toward hardware-based real-time control and is clearly separated from higher-level IP networks, leaving very little room for cyberattacks. As a result, EtherCAT can be used in a cybersecure, standard-compliant manner without any protocol changes. This enables system certifications in accordance with IEC 62443-3-3 for EtherCAT systems, even if the individual devices are not explicitly certified. Beckhoff has already received UL certifications for three different blueprint scenarios (DK-177530-UL, DK-178394-UL, and DK-178399-UL). Each of these are tailored to a typical family of industrial applications – a crucial factor in maintaining existing system designs.

Evaluation and certification

At the product level, Beckhoff relies on a rigorous security evaluation process. All products are continuously assessed and further developed regarding their compliance with the CRA and, where necessary, with IEC 62443. In many cases, they already meet the requirements through their existing design and only require extended documentation. For safety components, full compliance with the new Machinery Regulation will be ensured in time for it to take effect in January 2027. Beckhoff is also expected to complete IEC 62443-4-1 certification this year to safeguard the product development lifecycle. At the same time, the security of the company’s own IT and production infrastructure will soon be validated through ISO 27001 certification.

“Cybersecurity is not static, but is an ongoing process that requires tailored technologies and clear guidance,” summarizes Torsten Förder, responsible for Product Compliance Security at Beckhoff. “Where others in the market recommend excessive protective measures, we focus specifically on what is needed to deliver effective security. With this streamlined approach and the Beckhoff portfolio as a technical foundation, users remain secure, protect their investments, and maintain their edge.”

www.beckhoff.com/cybersecurity