Industrial Security starts with product development. To ensure that our product solutions at Pilz are Safe and Secure, we take care to establish a holistic product lifecycle, which verifiably takes Security into account within our company. From the PSIRT team, which ensures continuous security management, to Security Advisories and secure processes for the product lifecycle - we are there for you.
Security is a “moving target”, i.e. security changes during a product’s lifecycle. Attackers develop increasingly better methods to overcome defence measures. New vulnerabilities are discovered in products and offer potential for attacks. Or the threat situation changes, due to new software for example.
For this reason, measures against cyber threats or manipulation must be regularly reviewed. The responsibility for this lies primarily with plant operators. Machine builders and component manufacturers should immediately inform the operators about new security problems. Appropriate updates for their device software must be provided so that their customers can fix vulnerabilities. If system integrators are involved in the process, they act as an intermediary between manufacturer and operator. It is important that all involved work in close collaboration throughout the entire product lifecycle.
Pilz is a Safety expert. It's important to us that our products are not only Safe, but also Secure. That's why we commissioned TÜV Süd to scrutinise our development processes and test them on the basis of the standard IEC 62443-4-1, which defines secure product development, the "Security Development Lifecycle Process" (SDL process). This approach examines potential security features, even as a new product is being designed. It is intended to ensure that all of a product's security risks are detected by modelling the threats and, ideally, rectifying them in the product during the development process.
The result of the audit: Pilz's development met the requirements of the standard and complies with the SDL process. So we can now say with certainty: Pilz developments are not only Safe, but also Secure!
According to TÜV Süd, the development of secure products in accordance with IEC 62443-4-1 is taken very seriously at Pilz and creates a solid basis for subsequent product certifications.
Pilz manufactures not just hardware but also software solutions. Security gaps in software cannot be 100 % prevented. It’s important, therefore, that users and administrators are informed about these gaps in a timely manner so that they can take the necessary countermeasures before any damage can occur. Our products and services meet the highest quality requirements. That’s why Pilz takes Security into account even as it develops its own products. However, security gaps in software cannot be 100 % avoided. So we take any reports of potential vulnerabilities very seriously for Incident Management purposes. Users and administrators must be informed about these gaps in a timely manner so that they can take the necessary countermeasures before any damage can occur. This is the only way we can keep the very high quality level of our products. To make this work, it is important to establish an appropriate management system within the company, including a Product Security Incident Response Team (PSIRT). The Pilz PSIRT team issues security advisories to provide recommendations for action that can be used to fix detected vulnerabilities.
Here are the current security advisories.
Pilz GmbH & Co. KG
Felix-Wankel-Straße 2
73760 Ostfildern
Germany
Telephone: +49 711 3409-0
E-Mail: info@pilz.de
Telephone: +49 711 3409 444
E-Mail: support@pilz.com
