Cyber Security

Consistently integrate specifications

The Cyber Resilience Act (CRA) obligates manufacturers, importers, and distributors to demonstrably implement cybersecurity throughout the entire lifecycle of products with digital elements. For industrial automation, this means that products must be designed securely from the outset ("Secure by Design"), shipped with pre-configured security features ("Secure by Default"), have known vulnerabilities actively addressed, and have free security updates available throughout their lifecycle. Mitsubishi Electric consistently integrates the CRA requirements into its development, operation, and support processes.

Regulation (EU) 2024/2847 was published on November 20, 2024. Reporting obligations for actively exploited vulnerabilities will apply from September 11, 2026, and all requirements will be fully implemented from December 11, 2027. This makes cybersecurity a central component of CE conformity.

For operators of networked production facilities, mandatory update and reporting processes increase predictability and reduce risks in the supply chain. Controllers, HMIs, and network technology must not only be high-performance in the future, but also auditably cyber-resilient. Mitsubishi Electric is consistently integrating CRA requirements into development, operation, and support. A Product Security Incident Response Team (PSIRT) coordinates vulnerability management and publishes countermeasures. As a CVE Numbering Authority (CNA), Mitsubishi Electric can clearly identify security vulnerabilities and communicate them transparently. Furthermore, the company relies on signed firmware updates, role-based access controls, and monitoring concepts that protect operations and ensure compliance. All measures are based on international standards such as IEC 62443-4-2 and create a robust foundation for auditing and documentation.

From HMI to PLC: Technical measures for auditable cyber resilience

Mitsubishi Electric is successfully implementing these requirements. For HMIs, such as the new GOT3000 series, signed firmware updates, restrictive default configurations, and role-based user management are used. PLC systems, such as the new MELSEC MX-F and MX-F platforms, are made resilient against cyberattacks through separate engineering and operational networks, encrypted remote access, and defined update processes. Typical evidence includes a complete SBOM (Software Bill of Materials), documented patching processes, log export, and communication of the support period. Similar principles apply to drives, robots, and engineering software: secure communication paths, documented lifecycle support periods, and disclosure of known CVEs (Common Vulnerabilities and Exposures). These measures increase resilience against manipulation and support the documentation required for CE marking.

Current threat landscape and regulatory pressure

The relevance of the CRA is underscored by recent developments. According to a Dragos report, the number of ransomware attacks on industrial organizations increased by more than 87 percent in 2024 compared to 2023, and new ICS-specific malware families were identified in parallel. At the same time, Germany is tightening requirements for companies with the NIS II Implementation Act: Since the end of 2025, around 29,000 companies have been subject to extended security and reporting obligations, and cybersecurity is explicitly becoming a management responsibility. This significantly increases compliance pressure along the industrial supply chain and complements the requirements of the CRA.

Greater trust in industrial systems

The CRA opens up opportunities for greater transparency and trust in automation solutions. Mitsubishi Electric offers solutions for secure, future-proof production, from secure firmware updates and access controls to monitoring concepts. The company also provides checklists and security advisories to facilitate documentation for audits. Practical examples such as weekly patch windows for HMIs or PLC engineering via jump hosts based on the bastion principle illustrate the benefits for operations.

Author: Jan-Philipp Liersch, Head of Marketing, Mitsubishi Electric Europe B.V. Industrial Automation

Mitsubishi-Electric-Platz 1
40882 Ratingen
GERMANY