Functional safety components protect life and health when working on plants and machinery. For instance, a safety locking function can prevent a safety gate to a hazardous zone of a plant or machine from being opened. To ensure that safety functions of control systems are reliable, the control system itself must also be secure, i.e. protected against tampering.
Safety components must therefore be
The annual State of IT Security Report of the German Federal Office for Information Security (BSI) shows how frequently specific attacs have been observed. The reports describe, for example, attacks on industrial controls capable of putting a blast furnace in a steel plant out of control or instances where a safety control system was hijacked in a chemical plant.
Protection against attacks is therefore imperative, especially for functional safety components.
The DGUV works towards an effective improvement of this situation in a number of different areas:
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
Cyber Resilience Act
EU suggestion - Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
Feedback from DGUV
on the initiative: Cyber resilience act – new cybersecurity rules for digital products and ancillary services (in German)
Technical Regulation for Operational Safety Part 1 / Technische Regel für Betriebssicherheit (TRBS) 1115 Teil 1
"Cybersicherheit für sicherheitsrelevante Mess-, Steuer- und Regeleinrichtungen" (in German only)
Prüfgrundsatz GS-IFA-M24 (PDF, 543 kB)(Test Principle, in German only): Standards for the testing and certification of security aspects in the functional safety of industrial automation systems