zuruck zur Themenseite

Articles and background information on the topic

Cybersecurity

Inka Krischke,

Profinet enables CRA conformity

The EU Cyber Resilience Act (CRA) will require all manufacturers of products with digital elements to implement comprehensive security measures from December 2027. After a thorough review of its technologies, Profibus & Profinet International (PI) has come to the conclusion that Profinet already provides the basis for CRA compliance.

Profinet offers a scalable security solution. © PI

"The requirements of the CRA present companies with major challenges," says Xaver Schmidt, CEO of PI. "Our analysis shows: Manufacturers who rely on Profinet already have a solid basis for CRA compliance today. With higher security requirements, manufacturers can gradually expand their products with Profinet security features in the future - from authenticated secure communication to full encryption."

The CRA requires manufacturers to assess the cyber security risks of their products. They analyze possible attack scenarios and evaluate the required protection for industrial communication. Depending on the risk assessment, manufacturers can implement individual or multiple building blocks from the Profinet security architecture to meet the CRA requirements for secure communication:

  • Secure Cell: Network segmentation and access control (cell protection concept) can already be implemented with today's Profinet installations. Additional hardening measures are available with the Profinet specification V2.5.
  • Secure Access: Direct, secure access to devices from higher-level networks for applications ranging from asset management to artificial intelligence.
  • Secure Realtime: Integrity, authentication and, if required, confidentiality through cryptographic protection of acyclic and cyclic real-time communication for critical infrastructures.
Advertisement

The Secure Access and Secure Realtime modules are described in the Profinet specification V2.5, which will be published in mid-2026.

"Cyber security is not a one-size-fits-all approach, but must be scalable - from small standalone machines to systems distributed over many kilometers," says Schmidt. "The Profinet architecture covers the entire spectrum: from network segmentation to cryptographically secured real-time communication - while maintaining the same level of performance. The decisive factor is that many manufacturers can use their existing Profinet installations as a basis and expand them as required. This enables a needs-based implementation of the CRA without compromising on data access."

PI is developing the Profinet specification in close cooperation with TÜV SÜD and is based on the industry standard IEC 62443.

  • Xing Icon
  • LinkedIn Icon
Advertisement
Back to topic page
Advertisement

You might also be interested in

Advertisement

Adlon

Security portfolio expanded

Adlon is further developing its Security Operations Center and adding another module to the existing Managed SOC for Microsoft 365 environments (based on Managed XDR): 'Managed SOC Advanced'.

read more...
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

B&R

CRA guide for Powerlink checked

TÜV Rheinland has audited the "CRA Guide for Powerlink" from B&R. The guide is one of the first independently audited technical documentations for the implementation of the EU Cyber Resilience Act in automation.

read more...
Subscribe to our newsletter
Advertisement
Back to home