European countries are currently processing the EU NIS2 directive implementation. It is expected all regional laws will be in place by early 2025. NIS2 extends the range of sectors in scope, and therefore the number and type of adjacent companies for which cybersecurity measures are mandatory. With NIS2, the management of a business assumes responsibility for its resilience to attacks from outside, by specifying the control measures to be taken.
These obligations include comprehensive risk analyses of information and operational technology (IT and OT) security; taking proportionate measures both technically and operationally; and reporting.
On the industrial automation side of the network, the ISA IEC 62443 standards introduce a process to identify the ‘Security Level’ needed and give guidelines on how to achieve the necessary security level to protect the installation adequately.
Variable speed drives from Danfoss are primarily used to control physical processes in operational facilities. For this reason, Danfoss considers relevant requirements in the IEC 62443 framework to design products in scope for cybersecurity:
- IEC 62443-3-3: Technical requirements for control systems
- IEC 62443-4-1: Secure product development lifecycle processes
- IEC 62443-4-2: Technical requirements for components
When Danfoss delivers a product, we are doing our utmost during product design and development to protect your installation, using security development lifecycle processes certified by TÜV Süd. The variable speed drive and power converter products continue to be easy to install and operate in your applications.