The version of the Machinery Directive currently in force is Machinery Directive 2006/42/EC, even though it is currently being updated. In particular, the next Machinery Directive (i.e. New Machinery Regulation) will introduce several new EHSR in regard to Cyber Security.
Cyber Security EHSR in the New Machinery Regulation
As the most recent documentation from the European Community reveals, the attention of the New Machinery Regulation will focus on the risks deriving from malicious actions of third parties with an impact on the safety and reliability of machines:
Cybersecurity with an impact on safety
In view of addressing, the risks stemming from malicious third-party actions and that have an impact on machinery safety the proposal adds a new EHSR 1.1.9 and clarifies EHSR 1.2.1 on the safety and reliability of control systems.
The 1.1.9 requirement (Protection against corruption) means what is highlighted below:
Requirement 1.1.9, therefore, announces that a machine connected with another device, for example, a remote device, must be manufactured in such a way that avoids a dangerous situation.
A critical hardware component must be designed to be adequately protected against accidental or intentional damage (i.e. potential cyber-attacks), in order to be in compliance with health and safety requirements.
Even the software will be subject to the health and safety requirements of the New Machinery Regulations. In addition, the legitimacy of the interventions on the configuration must also be proven for any modification or software updates.
Explore our consulting services:
Regarding the safety and reliability of control systems, the abstract of requirement 1.2.1 establishes that:
Control systems must be manufactured in such a way that prevents risks, which therefore also include intentional and unintentional external attacks, including malicious attempts by third parties to create a dangerous situation.
The complete update to the New Machinery Regulations is still in progress, in the meantime, visit the official documentation of the European Community.
Do you need immediate assistance to ensure a machine complies with European or Industrial Cybersecurity standards?
Do you want to contribute to our page?
Go back to the blog