that it is a matter of ‘when’ not ‘if’ that an attack will occur. This includes minimising attack surfaces and privileges, and extends to a design principle which could be termed ‘security after design’: the provisioning of software updates, particularly when vulnerabilities are found.

Vulnerability handling is a central obligation for manufacturers. To respond adequately, manufacturers need to discover and assess vulnerabilities at an early stage. They must ensure security updates throughout the expected lifetime of their products. If a security issue is identified in this period, manufacturers must publish security advisory messages and release security patches and updates free of charge. Manufacturers will also have the obligation to report security incidents to the EU Agency for Cybersecurity (ENISA), the product user and, where applicable, any parties commissioned with the maintenance and repair of the product. Digital product users need to respond particularly quickly in the case of a vulnerable product by patching when an update is available or isolating the product while waiting for the patch. Manufacturers must therefore implement the processes needed for reporting these incidents and ensuring compliance with the CRA requirements for technical documentation.

The CRA also requires comprehensive product documentation that lists all important characteristics and security functions. The documentation must state which cybersecurity risks may occur under which circumstances and give details of a contact point in case of a cybersecurity vulnerability. It must also point out where the CE marking and the software bills of material can be found. The latter provide a detailed list of all software elements and facilitate security management.

A primary goal of the CRA is to ensure that products with digital elements have fewer security vulnerabilities, and that manufacturers, importers and distributors properly manage cybersecurity throughout a product’s life cycle. The CRA aims to enhance user trust and protection by improving transparency on the security and reliability of hardware and software products. Mandatory security requirements throughout the life cycle of hardware and software products strengthen the cybersecurity of connected devices.

However, we have observed that some parts of industry are struggling to understand the complexities of demonstrating cybersecurity health from a compliance perspective. Why is this? Firstly, they may never have done this before and, as it is a very new, untrodden landscape for many manufacturers, the learning curve is steep. Another reason is that there may be several cybersecurity stakeholders in any IoT product design within the supply chain who need to co-ordinate to provide the necessary compliance evidence.

At its core, the CRA represents a comprehensive approach to strengthening the cybersecurity of nations, businesses, and critical infrastructure. By introducing mandatory security requirements throughout the life cycle of hardware and software products, the CRA strengthens the cybersecurity of connected devices.

All the CRA requirements will apply from 11 December 2027. This means that manufacturers must take steps now, as the addition of cybersecurity to the portfolio of compliance requirements is quite a significant step shift. This is not simply another radio, EMC or electrical safety requirement, which are the traditional and typical compliance requirements of a radio-connected IoT product and the norm for most manufacturers. It will be a much more complex requirement for manufacturers to incorporate into product design, testing and the compliance process.

Designers, manufacturers, distributors and importers therefore need to start addressing the CRA at an early stage, to ensure security. Comprehensive training and cyber resilience testing programmes cannot be done overnight.

Joe Lomako

io-key, which is set to redefine how businesses harness the power of Industry 4.0, is a plug-and-play solution that seamlessly connects traditional industrial setups to modern digital ecosystems. By linking IO-Link sensors to the cloud via mobile networks, it enables real-time data collection, visualisation and analysis, eliminating the need for complex IT infrastructure. Requiring no programming or SIM card installation, it supports up to two IO-Link sensors, making it an efficient choice for monitoring machine conditions, process values, or material states. Integration with the moneo IIoT Core Cloud provides users with a web-based dashboard for intuitive data visualisation, in-depth analysis, and alerts. io-key also features a durable IP65-rated design, ensuring reliable performance in demanding conditions.

According to the company, for businesses looking to modernise operations and harness the power of real-time insights, the io-key offers a simple yet powerful solution to unlock new levels of efficiency and productivity. It helps businesses drive efficiency and sustainability by increasing machine availability through proactive monitoring, ensuring consistent process quality with real-time insights, and optimising energy consumption to reduce inefficiencies and support sustainability goals. The moneo configure tool complements the io-key hardware, simplifying the parameterisation of IO-Link devices. This free software allows users to manage multiple sensors simultaneously.