Ostfildern, May 16, 2024

Industrial Security: From manipulated bit to industrial accident

Andreas Willert, Head of Industrial Security, Pilz Austria

(Check against delivery)

With the publication of the new EU Machinery Regulation (MR), the forthcoming directive NIS 2 and the planned Cyber Resilience Act (CRA), it is now clear to plant and machinery builders, integrators and  operators: Security is a legal requirement! From 20.01.2027, anyone wishing to apply a CE mark to their machine must guarantee that control of the machine is adequately protected against accidental or intentional corruption, and any hazardous situations that may arise are avoided.

Why it is so hard to get started
The legal and normative requirements are quite complex, in-depth and interwoven. Machine builders and operators will have to revise their existing processes for safety and security. No Safety without Security!
Moreover: IT security and OT security differ in terms of both objective and technology. While confidentiality is usually the greatest asset in (office) IT, the highest priority in OT is availability. What’s more, companies have different levels of knowledge and maturity when it comes to Industrial Security. Networks offer different attack surfaces, therefore. Also, unlike safety, security risks and their impact are not tangible. So how to get started?

One-stop Safety and Security
Companies are not on their own: As a machinery safety expert, Pilz has prepared in advance for the upcoming security requirements. Customers don’t just receive an assessment, analysis and concept for the safety of their plant and machinery, but also for the Industrial Security on the machine – a one-stop shop. As a result, divergent approaches and incompatible solutions are avoided. Pilz has developed Services for Industrial Security, building on proven procedures for machinery safety services and based on relevant national, European and international standards, not to mention best practice. With our support, companies can be well prepared, and safely on the road to compliance with current and future legal requirements.

We always start with a snapshot in the form of a Protection Requirements Analysis: Which laws apply? Are there people already responsible? Maybe the company is already certified for the office environment? The next step is to determine the severity of harm for human and machine if safety, confidentiality, integrity or availability are lost. Like the procedure for a safety assessment, companies can then take the next steps: the Risk Analysis, production of a Security Concept, implementation then finally Verification.

Customised support
Pilz offers a range of different services for Safety and Industrial Security. An offer is therefore ready, which holistically includes all aspects of protection for human and machine. The offer ranges from basic information and guidance as well as training courses such as the “CESA – Certified Expert for Security in Automation” qualification to the “ISCS – Industrial Security Consulting Service”, which provides practical support with the implementation of the new requirements of the Machinery Regulation.

Experience shows that the required Security Risk Analysis, for example, can take several weeks, even months.
That’s why the time for Industrial Security is now!


Pilz Automation Safety L.P.
7150 Commerce Boulevard
Canton, MI 48187

Telephone: +1 734 354-0272
E-Mail: info@pilzusa.com

Press contact

E-Mail: s.cannistraro@pilzusa.com