The OT sector is undergoing a profound transformation driven by key trends that promise to reshape the industry’s landscape, such as the increase in machine connectivity, the growing prevalence of software with the consequential demand for updates, and the rising influence of autonomous movement and machines.
The dawn of a new era marked by technological advancements has demanded a swift and comprehensive response. Recognizing the urgency of the situation, there has been a call for collective action at the European level. The answer is encapsulated in the New Machinery Regulation – the new EU regulation on machinery products that will replace the existing Machinery Directive (2006/42/EC), closing current regulatory gaps.
Aimed at assessing both safety and cybersecurity impacts of emerging technologies, the upcoming regulatory framework was approved by the European Parliament in April 2023 and will come into force in January 2027.
Integrating Cybersecurity in the Machinery Regulation
In contrast to the Machinery Directive, which sets out essential health and safety requirements for machinery to ensure a high level of protection for individuals who use them, the New Machinery Regulation also includes cybersecurity as a protection goal, highlighting the potential risks stemming from the integration of IoT, Artificial Intelligence, data exchange between IT and OT systems, and exposure to cyber attacks. Indeed, all these factors pose threats to the reliable operation of systems, jeopardizing the safety of people.
Numerous incidents have already offered a glimpse into the potential consequences of such attacks. Physical damage resulted from a cyberattack on a steel maker in Iran. Attacks on water treatment plants have raised concerns about the potential contamination of drinking water supplies, while attacks on oil and gas operations, as well as food processing plants, have posed a threat to disrupting essential supplies upon which populations rely.
Given the context at hand, the main modifications introduced in the new regulation are intricately linked to technological innovation. In particular, these changes broaden the scope beyond traditional physical components to include digital and software elements as well.
Key Reasons to Embrace the New Machinery Regulation
Staying ahead of regulatory changes is crucial for sustained growth and success: adhering to such regulations not only helps organizations mitigate risks, but also demonstrates a commitment to security and compliance, enhancing their reputation in the marketplace.
All relevant parties – such as manufacturers, importers, authorized representatives, distributors, and operators – are therefore advised to initiate their preparations for the new requirements well before the deadline.
But while a small, proactive group of companies might immediately take steps to implement the required measures in compliance with the new regulation, a significantly larger group of companies is likely to move slower, displaying a delayed response and inadequate attention, driven by the belief that these regulations do not have a direct impact on them. Frequently, the turning point occurs when a notable incident affects organizations within the same industry. At that moment, companies may recognize their vulnerability to similar attacks, potential fines, reputational harm, and financial losses, and start reassessing their approach.
Don’t wait for a neighbor to fall victim to a cyberattack! Discover the top ten benefits of embracing the New Machinery Regulation now.
Contact our OT Cybersecurity & Innovation Lab team to consult on the next steps with NMR: contacts@hwgsababa.com.