This article aims to dispel some of these assumptions and offers practical insights into effective cybersecurity implementation, addressing key questions such as:
- Is non-networked OT affected too?
- What is my risk at the field level?
- Can cybersecurity be user-friendly?
- Are patches necessary, and should they be applied?
The Myth of Safety: Are Offline Drives Truly Safe?
The belief that drives not connected to the internet are safe is misleading. Headlines about production stoppages due to cyberattacks highlight the importance of resilience in automation. While traditional preventive measures often focus on the control level, downstream components can pose significant risks.
Cybersecure drives from Danfoss enable efficient field protection with minimal complexity. A common misconception is that cybersecurity is only relevant for drives connected to the internet or when IT and OT infrastructure overlap. However, system boundaries are frequently crossed, such as through laptops used in both networks.
Risk Management and Solutions for My Drive
Cybersecurity is a collaborative effort: Through cascading measures, the risks of an attack can be reduced layer by layer. This means that a very strong firewall between IT and OT does not necessarily require an equally potent solution at the control or converter level.
The internationally recognized standard IEC 62443 for cybersecurity in automation classifies risks and corresponding measures into Security Levels (SL), ranging from SL1 to the highest requirements SL4. While higher security levels like SL2, SL3, or SL4 may be needed for plants and machinery, SL1 is often sufficient for field components like converters.
A drive can specifically cause damage through manipulated speeds, so IT/OT security gaps must never compromise functional safety. Additionally, there is the possibility of accessing the network through vulnerabilities, such as in a fieldbus stack. The potential damage from a manipulated drive varies and must be assessed by the machine builders or operators.
"In most applications, a security level SL1 will be sufficient for drives, given upstream security mechanisms at the machine or plant level."
Danfoss drives – Cybersecure and User-Friendly
Under the EU Cyber Resilience Act, Danfoss will exclusively market cybersecure drives by the end of 2027, with reporting obligations for potential vulnerabilities already fulfilled starting in 2026. Danfoss is certified according to IEC 62443-4-1. You can already integrate Danfoss drives into your plants and machinery to meet security level SL1 with the help of corresponding guidelines. Models like FC 280, FC 302, VACON 100, and NXP will soon have certified security measures. User management, a central element, can meet SL2 requirements. All devices implement the necessary separation of functional safety from cybersecurity, ensuring a safe stop if functional safety is compromised. Cybersecurity does entail restrictions, such as password management, which can be challenging in service situations. Danfoss drives allow user management activation only when needed, with customizable roles tailored to different needs.
A Class of Its Own: The Danfoss iC7-Series
The Danfoss iC7-series is the world's first "Secure-by-Design" converter, with cybersecurity considered from the initial product concept. While conventional devices can achieve a maximum security level of SL2, the iC7-series supports levels up to SL4, thanks to an integrated crypto chip that enables internal data encryption and secure certificate handling as well as other security mechanisms.
Initially meeting security level SL1, the iC7-series facilitates designing systems with higher security requirements down to the drive level. As with other converters from Danfoss, the focus is on user-friendly commissioning and simple handling during service.
Regardless of the industry, the use of versatile frequency converters makes a difference. The new iC7 frequency converter generation offers motor control and maintenance functions as well as integrated encryption for powerful systems that maximize uptime and ensure competitiveness.
OPC/UA: Secure Communication from Control Level to Field Level
Secure communication is rare in standard fieldbuses. OPC/UA offers a solution by enabling secure communication paths. It also allows for device backup, update, and restore. Security updates for field devices can be centrally managed via OPC/UA: back up the data, install the update, and restore the backup. The iC7-series supports OPC/UA without additional hardware requirements; the function is activated via a license. OPC/UA can be used alongside existing communication paths like Profinet, or through separate network structures.
Beyond Secure Products
By the end of 2027, drive manufacturers must market secure drives. However, devices alone are insufficient. If a security gap is discovered, the market must be informed and security updates provided.
As a device user, you must decide whether applying the security update is necessary or could affect machine or plant operation, similar to IT devices today. Danfoss supports you in these steps, providing information, tools, and assistance in assessing update necessity.
"Cybersecurity is not just an option, but a duty for companies aiming to secure uptime and protect systems."
Conclusion
Ensuring cybersecure uptime is vital for business success. Implementing the right technologies and practices protects systems, maximizes uptime, and maintains competitiveness. Review and optimize your cybersecurity strategies to unlock the full potential of your operations. With Danfoss solutions, you are equipped to meet the challenges of the digital world and operate your systems securely and efficiently. Let's shape the future of industrial automation together and elevate your operations to the next level. Our experts are available to develop and implement a comprehensive cybersecurity strategy tailored to your company's needs.
Investing in cybersecurity is investing in the future of your company. Digital transformation offers enormous opportunities and also risks. With the right security measures, you can leverage opportunities and minimize risks.
About Michael Burghardt
After finishing his studies in electrical engineering at the University of Applied Science in Frankfurt, Michael Burghardt started his career in R&D for electrical motors. Later he gained experience as a project engineer in petrochemical plant engineering. In 2001 he joined Danfoss, where he is currently driving the Business Development for Portfolio and Technology in EMEA.
His focus areas are the product portfolio, digitalization and energy efficiency. This includes activities within ZVEI, VDMA and IDTA.
About Danfoss
Danfoss engineers solutions that increase machine productivity, lower energy consumption, enable electrification, and reduce emissions.
Our solutions are used in areas such as refrigeration, air conditioning, heating, power conversion, motor control, industrial machinery, automotive, marine, and on- and off-highway equipment. We also provide solutions for renewable energy, such as solar and wind power, Power-to-X, heat recovery, as well as contribute to district-energy solutions for cities.
Our innovative engineering dates back to 1933. Danfoss is family-owned and employs over 39,000 people. We create long-term value for our customers in more than 100 countries with a global footprint of around 100 factories.