PC-based control and EtherCAT: Secure by design, ready for the future

The regulatory requirements in industrial manufacturing are undergoing a fundamental shift as the Cyber Resilience Act (EU) 2024/2847 and the revised Machinery Regulation (EU) 2023/1230 have come into force. In the future, cybersecurity will require a continuous interplay between technology and processes. Beckhoff anticipated this need early on; for more than ten years, the company has been operating its own Product Security Incident Response Team (PSIRT) for professional vulnerability management and has made detailed security guidelines available. As a co-founder of the industry-specific CERT@VDE, Beckhoff is also actively involved in sharing vulnerability information across manufacturers.

Security with PC-based control and EtherCAT

Beckhoff is actively driving standard development to bring automation technology into line with the new EU regulations. Since the international IEC 62443 series of standards alone does not currently provide a sufficient basis for the CRA, Beckhoff is helping drive the development of the European version, EN IEC 62443, within CEN-CENELEC. The aim is to achieve practical standardization that guarantees effective security.

From a technological standpoint, PC-based control and EtherCAT provide an inherently secure foundation. By centralizing system communication through the industrial PC, the native security capabilities of the operating systems in use – such as Windows or Linux^® – can be fully applied to the PLC runtime, including integrated firewalls. Furthermore, the system architecture benefits significantly from communication via EtherCAT. Even 20 years after its introduction, the protocol remains consistently geared toward hardware-based real-time control and clearly separated from higher-level IP networks, which leaves very little room for attack. EtherCAT can therefore be used in a cybersecure and standard-compliant manner without any protocol changes. This enables system certifications in accordance with IEC 62443-3-3 for EtherCAT systems, even if the individual devices are not explicitly certified. Beckhoff has already received UL certifications for three different blueprint scenarios (DK-177530-UL, DK-178394-UL, and DK-178399-UL), each tailored to a typical family of industrial applications – a crucial factor in maintaining existing system designs.

Evaluation and certification

At product level, Beckhoff relies on a dedicated security evaluation process. All products are continuously evaluated and further developed with regard to their compliance with the CRA and, where necessary, also with IEC 62443. In many cases, they already meet the requirements through their existing design and only require extended documentation. For safety components, full compliance with the new Machinery Regulation will be ensured in time for its entry into force in January 2027. Beckhoff is expected to complete IEC 62443-4-1 certification this year to safeguard the product development lifecycle. At the same time, the security of the company’s own IT and production infrastructure will soon be validated through ISO 27001 certification.

“Cybersecurity is not static, but an ongoing process that requires tailored technologies and clear guidance,” summarizes Torsten Förder, responsible for Product Compliance Security at Beckhoff. “Where others in the market recommend excessive protective measures, we focus specifically on what is needed to deliver effective security. With this streamlined approach and the Beckhoff portfolio as a technical foundation, users remain secure, protect their investments, and maintain their edge.”

www.beckhoff.com/cybersecurity