Industrial Communciation with security

“Today’s technological possibilities bring security challenges to new dimensions,” emphasizes T. Rauch. “For example, quantum computing will be able to break even the complex security mechanisms we currently rely on.” Artificial intelligence also plays a role. “New EU regulations, such as the recently passed Cyber Resilience Act (CRA), require companies to allocate intensive resources to address this issue, and that across the entire supply chain,” adds the manager. The question is: How can we address these challenges without panicking?

To meet these complex challenges, companies must adopt advanced technological solutions that take into consideration even developments in post-quantum cryptography, aiming to stay ahead in the ever-evolving race against emerging threats.

Hilscher is at the forefront of this effort: “As an expert in industrial communication, we bring our expertise to bear,” says T. Rauch, who has been with the company for two years. The “one-stop-shopping” concept allows the company, headquartered in Hattersheim, Germany, to offer a coordinated combination of software and hardware solutions specifically designed to protect against novel attack vectors. “This allows us to respond comprehensively to all new challenges,” adds the CTO, who is responsible for the technology development of the netX chips, protocol stacks and Industrial IoT at Hilscher’s headquarter in Hattersheim near Frankfurt as well as the devlopment sites in Berlin and Varna, Bulgaria. “We have the master key against new attack vectors.” He continues, “In the future, it will no longer be possible to ensure a high level of security using only software.”

“We incorporate into our solutions the expertise of the open source community and the Real-Time Ethernet and fieldbus organizations, of which we are active members. Being directly involved in these organizations also gives us a perfect understanding of emerging requirements,” continues Rauch. He cites CIP Security from ODVA, PROFINET Security from PROFIBUS & PROFINET International, and OPC UA Security as examples. The deployment location of the communication solution is also crucial, and the entire security lifecycle must be considered.

“The netX 90 chip generation that is already in use and well-established in the industry meets all current security requirements,” asserts the CTO. “Advanced security mechanisms are integrated into the chip.” These network processors are specifically designed to meet the security standards of IEC 62443 and the Cyber Resilience Act, providing a solid foundation for making communication within industrial IoT secure.

“Our netX 90, for example, includes secure boot mechanisms. Firmware can be signed on the application side, ensuring that no malicious software can be loaded,” explains the 42-year-old manager. The security issue is becoming more and more important in all product areas. Hilscher aims to ensure that all future security standards are met, including new security mechanisms for various communication protocols.

Hilscher takes it a step further with the new netX 900 generation. These secure gigabit communication processors integrate security mechanisms at various levels while offering high performance with low power consumption. The security management processing includes features such as Secure Debug, unique ID, key management, certificate management, lifecycle management, and a crypto engine. 

Due to increasing risks, regulatory requirements are essential. After a three-year grace period, the recently enacted Cyber Resilience Act (CRA) of the European Union will come into effect, with some aspects, such as mandatory reporting by manufacturers of security incidents, being enforced much earlier. It will become a necessary requirement to receive the CE label. Distributors of affected products are required to meet the CRA requirements.

The adoption of the CRA and the associated regulatory requirements, such as the obligation to provide security patches for at least five years, will significantly impact the global market. Reporting obligations include notifying relevant authorities of issues within 24 hours. The penalties for non-compliance with these obligations are similar to those for violations of the General Data Protection Regulation (GDPR). T. Rauch is convinced that the high requirements for industrial communication will lead to portfolio and market consolidation.

“At Hilscher, as an enabler of industrial communication, we can meet these high security requirements,” T. Rauch asserts confidently. This applies to Hilscher’s entire portfolio, from communication controllers to IoT with its netFIELD edge computing and edge management solutions. “We also see a significant shift in the IoT industry, as manufacturers of semi-developed Linux applications or operators of self-built solutions will need to meet CRA criteria.” In his opinion, it is not economically viable for many providers to ensure that their solutions will meet the growing IT security requirements on an ongoing basis, as this would mean a significant allocation of resources and a big investment.