Safety and security go hand in hand in today’s industrial environments. Pilz highlights IEC 62443 as a key standard for achieving industrial-security-compliant plant and machinery through a structured, risk-based approach to cybersecurity.
For years, Pilz has championed the idea that machinery safety and industrial security are no longer separate disciplines – they are inseparable. Simply put, there is no safety without security.
Machinery safety is about protecting people from the risk of operating industrial equipment. Industrial security, on the other hand, safeguards the machinery itself from unauthorised access, manipulation, or cyber threats – any of which can directly compromise the safety of your people if left unchecked.
Regulatory frameworks are evolving to reflect this reality. One such development is the EU Machinery Regulation, which treats cybersecurity as a safety issue. Alongside this, there is a key series of standards that tackles the challenge of industrial security head-on, including IEC 62443.
What is IEC 62443 about?
IEC 62443, formally titled Industrial communication networks – Network and system security, is a series of international standards that address cybersecurity for industrial automation and control systems (IACS). In simple terms, it provides guidance on how to achieve IT security within industrial environments.
Its core objectives are to:
• Protect industrial networks and systems from cyberattacks.
• Define security requirements for components, processes, and personnel.
• Enable secure integration of devices and systems from multiple vendors.
The standards cover a range of topics – from risk analysis and secure operations to product development with security by design. IEC 62443 is built around five key concepts: foundational security requirements, zones and conduits, security levels, the security lifecycle, and risk analysis.
As a result, IEC 62443 serves as a reference for plant operators, machine builders, and device manufacturers seeking to implement industrial security effectively. The key parts of the standard IEC 62443 include:
| For component manufacturers | For system integrators | For operators |
| --- | --- | --- |
| IEC 62443-4-1 Development process | IEC 62443-2-4 Directives and procedures | IEC 62443-2-4 Directives and procedures |
| IEC 62443-4-2 Security functions for components | IEC 62443-3-2 Security functions for automation and control systems | IEC 62443-2-1 Operation and service |
| | IEC 62443-3-3 Security functions for the entire automation and control system | |
Security risk assessment and defence-in-depth
At the heart of IEC 62443 is the Security Risk Assessment – a structured process that forms the basis for implementing tailored security measures. The standard highlights the importance of balancing organisational and technical controls, recognising that technology alone cannot guarantee security.
Relying solely on technical solutions can create a false sense of security, because human behaviour often undermines even the most robust systems. For example, a password only offers protection if it is regularly changed, kept confidential, and not visibly displayed on the device.
To meet the unique demands of Operational Technology (OT) environments, industrial automation systems require a defence-in-depth approach. This means layering multiple security measures across people, processes, and technology.
Other relevant standards
While IEC 62443 is the key standard for industrial security, others complement its approach:
• ISO/IEC TS 63074:2023 focuses on the link between safety and security, using IEC 62443 to assess threats to safety-related control systems.
• ISO/IEC 27001 outlines requirements for managing information security across an organisation, including OT environments.
These standards reinforce the need for a defence-in-depth strategy, but when it comes to securing industrial automation, IEC 62443 remains the most practical and comprehensive framework.

How Pilz can support
With a focus on safe and efficient machinery, Pilz offers expert guidance and complete solutions to support users at any stage of their industrial security journey. Whether they’re starting or refining their approach, Pilz helps ensure their systems meet the organisational and technical requirements of IEC 62443, the EU Machinery Regulation, and other relevant standards.
By developing a robust industrial security concept and aligning with recognised frameworks, companies can strengthen their cybersecurity posture – right down to the machine level.