EtherCAT meets Cyber Resilience Act (CRA) Security Level 2 requirements without modification. Extensions are being prepared for applications with higher security needs. TÜV SÜD is working with the EtherCAT Technology Group (ETG) on an assessment report.
Cybersecurity and cyber resilience are becoming more important as new legislation in Europe and other regions requires risk assessments and evidence of appropriate countermeasures. Manufacturers must provide clear information on the cyber resilience of their products.
EtherCAT is an Ethernet-based fieldbus that is designed to be used like a traditional fieldbus and does not depend on typical IT networking features. As a result, many common IT cybersecurity measures may be unnecessary or less applicable.
EtherCAT processes Ethernet frames “on the fly” using dedicated EtherCAT chips. This design supports high data throughput and helps limit exposure to some types of cyber attacks. EtherCAT networks are typically separated from higher-level IT networks, which reduces the number of possible entry points. The controller still needs appropriate protection. With that in place, attacks from external networks such as the Internet or a company IT network are not expected. An attacker would generally need physical access to the EtherCAT segment. EtherCAT devices also communicate directly via Ethernet frames rather than Internet Protocol (IP), and most malware relies on IP to route across networks.
EtherCAT chips discard Ethernet frames that are not EtherCAT. This behavior limits EtherCAT devices to processing only the data addressed to them and prevents them from altering other traffic even if firmware is compromised. Controllers can disable unused EtherCAT ports and detect when additional devices are connected, including non-EtherCAT devices.
IEC 62443 defines measures and processes for the cybersecurity of industrial control systems and forms the basis for the corresponding standards of the European Cyber Resilience Act.
For applications with high security requirements, the ETG is developing optional protocol extensions that can be enabled without hardware changes. The ETG is also preparing a certification authority so members can sign and authenticate EtherCAT device description files and software using a consistent process.
EtherCAT meets the requirements of the Cyber Resilience Act without changes to the core technology. Downward-compatible extensions are in development for use cases with additional requirements.
TÜV SÜD is preparing a test report on EtherCAT cyber resilience under IEC 62443. TÜV SÜD experts have confirmed the ETG’s main findings, but the final assessment is pending.
For more information, visit ethercat.org.
