From the world of standards: New CEN ISO/TR 22100-4:2020

As of April 2020, the Technical Report/Technical Report CEN ISO/TR 22100-4:2020 Safety of machinery - Relationship with ISO 12100 - Part 4: Guidance for machinery manufacturers on addressing related IT security aspects (cybersecurity) was published by the European Standards Institute (CEN).

A CEN ISO/TR document is an international technical report (ISO) that has also been adopted in a European body of standards (CEN). Technical reports are informative documents containing information on the state of standardization.

The Technical Report provides machine manufacturers with guidance on possible safety aspects related to machine safety, in particular IT security, when the machine is first put into operation or placed on the market.

The Technical Report identifies information to identify and address IT security threats that can affect machine safety.

It also lists suggested measures for machine manufacturers to minimize IT security issues that impact machine safety:

• Selection of suitable components (hardware / software) for safety-relevant machine parts/components, such as control systems, sensors, operating parts) that can be targets for IT security risks (threats). These should have functions according to the state of the art.
• Appropriate machine design, such as equipping the machine IT system with risk mitigation measures (e.g., firewalls, antivirus tools), access control (e.g., card readers, physical locks, password systems), etc.
• Operating instructions, instructions in the operating instructions to the user regarding IT security

The consideration of IT security risk for industrial automation and control systems is defined in the international IEC 62443 series of standards. This specifies the achievement of IT security in automation systems. Part EN IEC 62443-3-2:2020 IT security for industrial automation systems - Part 3-2: Security risk assessment and system design specifies in particular how the definition of the system under consideration can be inferred from a risk analysis, as well as its division into zones and conduits.

We will be happy to support you in the application of the technical report.