Platform on production and process automation
Cybersecurity is new element in new Machinery Directive
Conveniently get a new CNC program from the cloud and load it onto the machine. Prevent outsiders from "going in" this way, too.

Cybersecurity is new element in new Machinery Directive

Although originally written to facilitate trade between EU countries, the Machinery Directive is also considered by many to be "the machinery safety directive. And that is not entirely unjustified. Specific attention to cybersecurity has been added in the new Machinery Directive, which comes into force on Jan. 20, 2027. An important addition at a time when Internet of Things (IoT), AI, industrial security, digitization and networking are having an increasing impact on machines and installations. However, machinery manufacturers are still in little hurry to take the required measures.

In 1995, the first Machinery Directive came into force. An important European directive that simplified trade in machinery between EU countries. This is because the directive applies to all companies in the European Economic Area that design, build and/or sell machinery. Through CE-marking it is declared that a particular machine complies with the Machinery Directive with which companies are assured of a safe machine when importing machines.

How well are control boxes of any machine protected from hacker attacks?

Cybersecurity

Since 1995, the Machinery Directive has been amended twice and a new version appeared in 1998 and 2009, respectively. We are now another 15 years on and technology has certainly not stood still. The most notable developments have been done with respect to Industry 4.0 (Internet of Things/IoT), artificial intelligence and augmented reality and networking. Central to this is a connection between the machine and "the outside world," with which the latter theoretically has the ability to invade the machine - and with it, sometimes an entire company - on a digital level. 

This "hacking" is done in some cases by "bad guys," but more often by hardened cybercriminals bent on stealing data or taking a company hostage digitally. In the latter case, the company in question must pay a ransom to regain access to its files. Many companies do this because shutting down production is simply not an option. Practice shows that in recent years the number of threats but also the type of threats has grown significantly. The fact that "working in the cloud" is gaining popularity also contributes to the growth in the number of attacks.

Connecting an external laptop to a network can be the beginning of a cyber attack.

2027: new Machinery Directive

These digital innovations have long been sufficient reason to develop a fourth edition of the Machinery Directive. This already came into force in 2023 but gives manufacturers until July 20, 2027, to fully comply with it. By the way, this update will probably no longer be published as a directive but as a regulation. This means that it is a European law that takes immediate effect and does not require translation into national legislation. 

The main additions in this new edition are in the area of cybersecurity, which is required to be included in the risk assessment. From this, additional protection of software from damage may be required, among other things. For example, connecting "foreign" devices to a machine poses a potential risk. Think of a maintenance engineer's laptop or a USB stick with a new program. The new Machinery Directive requires that the safety functions of the machine not be affected by this connection. And so there are many other details to prevent companies from falling victim to a successful cyber attack via a machine. 

Any production machine connected to a network connected to the outside world is a potential target for hackers

Prepare

Companies that specialize in machine safety find that the interest among machine manufacturers in dealing with cybersecurity is not particularly high. Now that is a well-known fact when the obligation is still "so far away," but it is also known that time moves faster than you sometimes want it to. So a general advice to machine manufacturers is to hurry up with the steps necessary to allow a machine to be CE marked even after Jan. 20, 2027. Various training courses and workshops have now been developed with which companies can get started and which support, on the one hand, the detection of risks and, on the other, the selection of the right hardware or software solution combined with organizational measures or protocols.

"*" indicates required fields

Send us a message

This field is for validation purposes and should be left unchanged.

Wij gebruiken cookies. Daarmee analyseren we het gebruik van de website en verbeteren we het gebruiksgemak.

Details

Kunnen we je helpen met zoeken?

Bekijk alle resultaten