Cybersecurity for Industry – What’s Coming and Why It Matters
© Softing Industrial

At Softing Industrial, we’ve been following the latest cybersecurity regulations closely — especially the Network and Information Security Directive 2 (NIS2 Directive) and the Cyber Resilience Act (CRA). These frameworks will have a major impact on how industrial companies secure their systems and products.

We’ve taken the time to reflect on the consequences these changes may bring. This newsletter is intended to share key insights and contribute to a clearer understanding of the potential impacts - and how to prepare effectively.

NIS2: More Security, More Responsibility

The updated Network and Information Security Directive 2 (NIS2) strengthens cybersecurity for critical infrastructure in the EU. It expands on the original rules from 2016 and applies to a much broader group of companies, including:

  • Operators of critical infrastructure (energy, transport, healthcare)
  • Industrial automation vendors and system operators
  • Providers of digital services such as cloud, data centers, or IoT platforms

What does it mean for your business?

  • You’ll need stronger security controls for networks, access, and incident response
  • You’ll be required to report security incidents within 24 hours
  • You’ll need to evaluate and secure your entire supply chain, not just your own systems

For industrial companies, this means closer collaboration between IT and OT — and integrating security into day-to-day operations, not treating it as an afterthought.

CRA: Security by Design Becomes Mandatory

The Cyber Resilience Act (CRA) introduces specific cybersecurity requirements for any product with digital functionality. This includes PLCs, industrial PCs, IIoT gateways, and more.

The main takeaways:

  • Security must be built into products from day one
  • Vendors must monitor and fix known vulnerabilities
  • Security updates need to be available for defined product lifetimes

These rules push everyone in the industrial supply chain to adopt a more structured, long-term approach to secure development — something we’ve already embraced at Softing Industrial.

IEC 62443: Your Guide to Structured Industrial Security

If NIS2 and CRA are the “what”, the International Series of Standards IEC 62443 is the “how”. It’s a proven, vendor-neutral framework that helps industrial organizations implement robust cybersecurity strategies.

Key principles:

  • Apply risk-based security tailored to your specific threat landscape
  • Segment networks into secure zones to limit attack surfaces
  • Use identity and access management to protect both users and machines
  • Ensure encrypted communication across all data paths

At Softing Industrial, IEC 62443 is the foundation for how we design secure products — and it’s helping us (and our customers) align with the new EU regulations.

Challenges and Opportunities We See

Implementing these changes won’t be effortless. But they’re necessary — and they bring long-term benefits.

Common challenges:

  • Modernizing legacy systems that weren’t built with cybersecurity in mind
  • Meeting increased documentation and process requirements
  • Providing training across different teams

Clear benefits:

  • Greater resilience against cyberattacks
  • A stronger market position as a trustworthy partner for companies that invest in cybersecurity early on
  • Harmonized processes that make global collaboration easier

How Softing Industrial Is Putting Security Into Practice

At Softing Industrial, we’ve been preparing early for the new cybersecurity landscape - not just to comply with NIS2 and CRA, but to lead with secure product development based on IEC 62443-4-1.

Certified Secure Development with IEC 62443-4-1

In response to growing customer demand, we began aligning our development processes with IEC 62443-4-1 in early 2022. After an audit by TÜV Süd, we achieved certification in June 2023 for our sites in Haar, Nuremberg, and Cluj.

Since then, secure development has become our standard for all products, and we are applying component-level security following IEC 62443-4-1.

Smart Network Segmentation with smartLink HW-PN

A key principle of IEC 62443 is segmenting networks into secure zones. To support this, Softing Industrial offers the smartLink HW-PN - a dedicated gateway for safe access to PROFINET networks.

It enables secure asset management, network monitoring, and process analysis (e.g. IIoT, NOA) via an OPC UA-based FDI interface. Tools like Emerson AMS Device Manager can configure and monitor devices - with encrypted, certificate-protected communication.

smartLink HW-PN acts as a PROFINET Supervisor, allowing controller-independent access to field devices. Its dual-OS architecture ensures a strict separation between IT and OT - no complex firewall rules needed.

Knowing What’s Really in Your Network: Real-Time Inventory

A secure industrial network doesn’t just need protection — it needs visibility. Especially in older plants, there’s often a gap between what was planned and what’s installed.

That’s why we developed the plantPerfect Monitor, our latest solution for real-time network inventory. Initially available for PROFIBUS, and coming to PROFINET in fall 2025, this tool leverages our smartLink devices to scan the network and map all connected devices — including their firmware versions.

With this live view of your network, you can:

  • Detect inconsistencies between planned and installed device configurations
  • Identify outdated firmware versions
  • Lay the groundwork for effective patch and risk management

Together with smartLink HW-PN, plantPerfect Monitor helps create a foundation of transparency and security in your automation infrastructure.


[Figure: smartLink HW-PN connects PROFIBUS and PROFINET field networks (field devices, proxies, and remote I/Os) with higher-level asset management and network monitoring applications via OPC UA and FDI. © Softing Industrial]

Final Thoughts: Be Proactive, Stay Compliant

NIS2 and CRA aren’t just more rules to follow — they’re a wake-up call for the entire industry. At Softing Industrial, we see them as an opportunity to rethink how we approach security.

By acting early, you’re not only reducing compliance risk — you’re building trust, simplifying collaboration, and preparing your business for the connected industrial future.

Let’s get ready for what’s next — together.

#IndustrialCybersecurity #NIS2 #IEC62443 #SecureByDesign #SoftingIndustrial


Absolutely brilliant!
