Functional safety components protect life and health when working on plants and machinery. For instance, a safety locking function can prevent a safety gate to a hazardous zone of a plant or machine from being opened. To ensure that safety functions of control systems are reliable, the control system itself must also be secure, i.e. protected against tampering.
Safety components must therefore be
The annual State of IT Security Report of the German Federal Office for Information Security (BSI) shows how frequently specific attacs have been observed. The reports describe, for example, attacks on industrial controls capable of putting a blast furnace in a steel plant out of control or instances where a safety control system was hijacked in a chemical plant.
Protection against attacks is therefore imperative, especially for functional safety components.
The DGUV works towards an effective improvement of this situation in a number of different areas:
Machinery Regulation: Regulation (EU) 2023/1230 of the European Parliament and of the Council of 14 June 2023 on machinery and repealing Directive 2006/42/EC of the European Parliament and of the Council and Council Directive 73/361/EEC
Cybersecurity Act
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013
NIS Directive
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
NIS 2 Directive
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148
Cyber Resilience Act
Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending regulation (EU) 2019/1020
Feedback from DGUV
on the initiative: Cyber resilience act – new cybersecurity rules for digital products and ancillary services (in German)
Technical Regulation for Operational Safety Part 1 / Technische Regel für Betriebssicherheit (TRBS) 1115 Teil 1
"Cybersicherheit für sicherheitsrelevante Mess-, Steuer- und Regeleinrichtungen" (in German only)