IC695CMU310 Industrial information security

The EU Machinery Regulation deals with the issue of “information security”.

Article 20 refers to Regulation (EU) 2019/881 [Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (European Union Agency for Cybersecurity) Cybersecurity Certification in information and communications technology]. This regulation is a potential way of meeting the requirements of the EU machinery regulation and it can be foreseen that there will be an appropriate harmonised standard to meet this requirement in the future.

In Appendix III, paragraph 1.1.9, basic health and safety requirements for the design and manufacture of machinery or related products, it is required to prevent software damage on the machine, in particular when connected to “equipment” (connected to other data sources, such as programming equipment or network interfaces). In the form of basic health and safety requirements, device connectivity is considered a potential risk in modifying the integrated software of the machine and is required not to compromise the safety functions of the machine as a result.

In the future, manufacturers will have to specify the parts of their software that arIC695CMU310 e relevant to compliance and provide protection against accidental and intentional modifications. What’s more, in the future every machine will have to collect evidence of legal or illegal interference with the software – in other words, everything will have to actually be recorded.

Industrial information security has become a mandatory element of machinery safety, and manufacturers need to develop appropriate industrial information security concepts. Network machine manufacturers should be prepared for this. In addition to this, they will face legislative requirements in other areas (e.g. EU Cyber Resilience Act, radio Equipment Directive, etc.).

A self-evolving machine

“Self-evolving machines” is actually another way of saying “artificial intelligence.” What should we do when machines become self-evolving? First, the issue concerns the need for the involvement of designated bodies. Second, “evolution” by any means falls under the category of risk assessment, as modified software may introduce new and even greater risks! In extreme cases, it is necessary to consider whether self-learning software is likely to produce new machines. This is a very interesting question not only for the manufacturer, but also for the designating authority, and the most importaIC695CMU310 nt thing is that the basis for assessment must first be established.

1. Security-related software

Security-related software is not an entirely new problem, but there is now a clearer explanation.

If such software is placed on the market as a standalone product, it is considered a safety component and is subject to the rules of the Machinery Code. In the vast majority of cases today, the functional library of a programmable controller is tested and certified together with the corresponding hardware, etc. However, if such modules are offered separately by third parties, a declaration of conformity and CE marking must be provided.

2. Security Integration Principles – New features

Machinery must be designed and constructed to enable users to test safety functions where appropriate.

Where appropriate, the machine must be equipped with instructions for testing, adjustment, maintenance and use procedures. This allows the operator to test safety-related functions in the future, as specified by the manufacturer. The new regulation eases the burden on operators who perform this task because there is currently no uniform test prompt and they are determining the details of the actual execution themselves.

3. Movable machinery – New feature

Autonomous mobile machinery must have a supervisory function that can be identified and operated remotely. For autonomous mobile machinery, the operator must be able to start, stop, or secure the machine without having to go directly to the machine, thereby avoiding human access to potentially hazardous areas.

The promulgations of the new EU machinery regulation are mainly in response to the technological evolution of digitally connected intelligent machinery, which will become the core policy of the EU’s machine and factory safety. Whether it is a manufacturer, importer or distributor of machinery and equipment, it is very necessary to familiarize yourself with the relevant provisions of the regulations as soon as possible and understand the obligations that you should undertake.