Cybersecurity

Security is a priority for industrial automation

Overview of current regulations

Industrial automation is becoming ever smarter – and thus more vulnerable to cyberattacks. Modern automation systems consist of a multitude of connected components. Unprotected interfaces, missing updates or insecure passwords are just a few of the gateways. The damage to industry caused by cyberattacks amounts to billions of euros. End-to-end security is therefore no longer an option – it is a necessity.

Bosch Rexroth attaches particular importance to cybersecurity and implements the highest security standards in all its automation solutions. This enables companies to continuously guarantee secure and reliable manufacturing.

The automation products from Bosch Rexroth meet the legal requirements, which are constantly increasing in number. As governments around the world are increasingly relying on stricter security regulations to counter increasing cyber threats. Companies have to address these requirements at an early stage to comply with the law and effectively secure their systems.

Cyber Resilience Act demands security for connected products

One of the latest EU regulations is the Cyber Resilience Act (CRA). This act aims to strengthen the cybersecurity of connected products. The CRA applies to all products with digital components that communicate with each other and obliges producers to ensure a high level of security from the outset.

This includes a detailed risk assessment, the consideration of cyber risks right from the product development stage, as well as the obligation to make products secure by default and updatable. In addition, the CRA requires that critical security incidents and exploited vulnerabilities are reported within 24 hours and remediated quickly through updates.

This poses far-reaching challenges for machine manufacturers and suppliers. Making existing products CRA-compliant can involve considerable effort – in some cases it is not possible at all. The consequences of non-compliance are serious: large fines of 5 to 15 million euros or up to 2.5% of the total annual worldwide turnover, whichever is the higher.

In addition, a non-CRA-compliant product that poses a significant cybersecurity risk may be withdrawn from the market or its deployment restricted or forbidden. However, formal infringements – such as missing or incorrectly affixed CE marking or incomplete technical documentation – can also result in sanctions even when there is no direct risk.

The CRA thus makes cybersecurity mandatory – act early to be on the safe side.

Overview of CRA requirements

At a glance:

Maintaining CRA compliance – what does it mean?

Machine manufacturers must take security measures into account from the outset to minimize cyber risks and comply with legal requirements:

✔ Product-level risk assessment

✔ Taking cyber risks into account during development

✔ Products must be secure by default

✔ Remediate vulnerabilities promptly with updates

✔ Plan for updatability during the development process

✔ Establish a software update management system (SUMS)

 

ctrlX OS – secure from the ground up, certified, and CRA-ready

Bosch Rexroth is a pioneer when it comes to cybersecurity in automation and relies on the highest security standards – from encrypted data transmission to secure software updates.

The focus was on cybersecurity right from the beginning of the development of the operating system ctrlX OS. So ctrlX OS is well prepared for the requirements of the CRA. The Linux-based operating system is secure from the ground up. It is secure by design and secure by default and certified according to IEC 62443-4-2 Security Level 2 by TÜV Rheinland. Data that is saved, transferred or otherwise processed is fully protected. It also provides a platform to quickly and reliably issue and apply security patches without impacting operation.

ctrlX OS features:

✔ Secure by design and secure by default

✔ Protects data that is saved, transferred or otherwise processed

✔ Provides a platform to issue and apply security patches without delay and side effects

✔ Is robust and resilient

For example, ctrlX OS runs on the control system ctrlX CORE from Bosch Rexroth. ctrlX CORE is designed for maximum cybersecurity thanks to secure by default and secure by design IoT integration, and through compliance with international standards. Data is protected by strong password rules, up-to-date software, secure deployment of updates, encrypted Internet connections via VPN, as well as authentication and authorization.

The control system can be easily extended at the push of a button with additional security applications from the ctrlX OS Store. For example, with the Firewall, VPN Client, and Security Scanner apps.

Firewall app

The Firewall app protects devices from unauthorized access. Targeted filtering of incoming and outgoing data streams blocks unwanted connections and enforces security policies.
Find out more!

VPN Client

The VPN Client ensures secure remote maintenance and protected access to the devices from external networks. Access can be restricted based on machine status and on-site approval.
Find out more!

Security Scanner

As part of the machine acceptance checks at network level, the Security Scanner enables the complete inventory of all components as well as the assessment of the entire machinery’s security status. Potential vulnerabilities can therefore be identified and targeted.
Find out more!


Do you have any questions or comments about the ctrlX OS security features.

Contact us now!

Connected, protected, optimized – the solution sets

The following solution sets, which also contain solutions from ctrlX World partners, ensure quick and reliable implementation as ready-made complete packages:

Simply secure with MB Connect

With MB Connect Line combined with ctrlX CORE and the VPN Client, machine controls can be securely and remotely debugged, reset, and maintained. The how-to guide provides simple steps to set up Internet connectivity, IP forwarding, VPN configuration, and certificate installation for fast and reliable remote access.

Find out more!

Secure, encrypted data streaming with IXON

The first no-code industrial IoT connector especially for modern machine manufacturers. ctrlX OS devices connect directly to the IXON Cloud. Features such as VPN remote access, encrypted data streaming, intuitive data visualization, alarm messages, and user management enable optimized remote maintenance and data-based service optimization – all without any additional hardware.

Find out more!

All-in-one network monitoring tool from Paessler

The PRTG monitoring solution from Paessler GmbH for OT, IT, and IoT monitors all aspects of an OT infrastructure and creates a central overview. It alerts users to problems, simplifies fault detection, and reduces or eliminates downtime. In addition, dashboards and reports can be created and data and alerts can be supplied via OPC UA to control systems such as SCADA or ctrlX OS.

Find out more!

ctrlX CORE – secure by design and default

The control system ctrlX CORE demonstrates its strengths in terms of security to the full. Thanks to its secure design, from the ground up, as well as compliance with international standards and the certified operating system ctrlX OS, the control system inherently offers the highest level of cybersecurity. It can also be used as a security gateway.

Protective shield and gateway in one

Many machine manufacturers are still relying on older control systems that are not designed for the requirements of today’s connected industry. These legacy systems are often difficult to secure and pose a potential security risk.

ctrlX CORE offers a solution: as a security gateway, it can be integrated into existing automation solutions – independently of the hardware and software from other vendors. This allows modern security functions to be retrofitted to protect older systems against cyber threats and to make them fit for connected manufacturing.

The highlights of ctrlX CORE:

Secure by default
Encrypted data transmission, minimum network footprint

IoT integration with security by design
Compliant with IEC 62443-4-2 SL2

Secure update deployment
Rexroth Store, ctrlX Device Portal Premium

Flexible IT security configuration
Sessions and password rules, service configuration, etc.

Functionality can be extended
With additional security apps from the ctrlX OS Store


Get your manufacturing CRA ready.

Inquire now!

Good advice on the Cyber Resilience Act

Bosch Rexroth also supports companies with comprehensive consulting and services in the area of security. This includes, for example, carrying out risk and threat analyses, security scans, and training to build IT security skills. Individual security concepts are developed and implemented together with the users.

Bosch Rexroth consistently aligns all products and services to ensure that companies comply with the regulations and can thus design their systems securely and robustly in the long term.

Play it safe with Bosch Rexroth and keep your company fit for the future!

Contact us now!

Opened copy of the ctrlX AUTOMATION magazine 2023/2024

ctrlX AUTOMATION Magazine 2023/2024 –
Now available!

„Openness is everything“ ­– this is the motto of the ctrlX AUTOMATION magazine 2023/2024. This year, it´s all about openness and co-creation, which enables a completely new world of automation. Furthermore, there will be innovations of the product portfolio, exciting case studies and expert opinions on digitalization and connectivity.

More information!