Mandatory implementation of verifiable security measures

How to make industrial networks more resilient

Increasing digitalization boosts industrial efficiency and flexibility, but it also makes modern production facilities more vulnerable to attacks. Cyberthreats now target not only IT systems but also operational technology. To ensure adequate protection, an expanding set of standards and legal requirements has been established.

Among the key regulatory frameworks is the IEC 62443 series, which defines requirements for components, systems, and processes in industrial automation. European legislation such as NIS 2 and the Cyber Resilience Act (CRA) adds further obligations, requiring operators and manufacturers to implement verifiable security measures.

Moreover, NIS 2 extends responsibility beyond critical infrastructure to much of the industrial value chain, while the CRA covers the cybersecurity of digital products throughout their lifecycle. Together, these requirements aim to make industrial networks more resilient and ensure their continuous availability.

Securely developed devices with comprehensive security functions

Industrial networks contain many components, each with its own security role. Manufacturers like Phoenix Contact provide solutions developed with secure processes and equipped with comprehensive security functions. Managed switches form the communication backbone by handling segmentation, prioritization, and data‑traffic stability. Security routers with firewall functions protect zone boundaries and control access.

In addition, wireless infrastructures, from industrial WLAN access points to cellular routers, enable flexible applications and remote access but also introduce additional attack vectors. Because many of these devices operate for long lifecycles in heterogeneous systems, misconfigurations, unsecured interfaces, or missing firmware updates can create critical vulnerabilities over time.

Use of managed switches and security routers in the control cabinet

Diverse requirements for network components

Certified network components strengthen industrial cybersecurity by helping achieve the security levels defined in IEC 62443. For network devices, this includes secure management access, role‑based user control, encrypted communication, firmware integrity checks, and traceable logging of security events.

Network components from Phoenix Contact are certified in accordance with IEC 62443

Furthermore, hardening measures, such as disabling unnecessary services, blocking brute‑force attacks, and using secure update mechanisms, significantly increase protection. Only with these capabilities at the device level can operators effectively implement the zone and conduit model described in IEC 62443.

Machine builders and system manufacturers particularly benefit from these functions. Modern production cells are designed as separate security zones with strictly defined communication paths. Within these zones, managed switches not only handle switching but also separate machine components via VLANs, prioritize time‑critical protocols like Profinet or EtherNet/IP, and support ring redundancy for high availability. Security routers at zone boundaries enforce these communication rules using stateful firewalls. Operators temporarily enable remote service access through IPsec or OpenVPN tunnels with unique authentication. They also log when connections are active and which controllers are accessed.

Comprehensive protection of critical infrastructure and older systems

Public infrastructure and critical supply networks face even stricter requirements. Security teams protect the control room, remote control, and field levels against both external attacks and misconfigurations, ensuring stronger industrial network defense. Managed switches help by allowing only authorized devices to access specific ports, using port security, 802.1X, or MAC filters, which makes Layer‑2 manipulation harder. Time‑stamped logs and integration with central Syslog or SIEM systems enable control centers to track security‑related events.

A third common scenario is retrofitting older systems. Many control systems were developed without security in mind and therefore lack encrypted protocols and modern authentication. Operators use certified security routers as an upstream protective layer to isolate these components. Typical measures include strict allowlists for permitted connections, defined engineering access, and limiting remote access to specific maintenance windows. Combined with switch functions like port security, this approach reduces the attack surface without requiring major changes to the existing automation infrastructure.
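The allowlist, engineering-access, and maintenance-window measures described above can be audited against connection logs from the zone boundary. The following Python sketch is an added example, not vendor code or part of the original article; the addresses, ports, rule names, and log format are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # CIDR of the permitted source
    dst: str            # CIDR of the permitted destination in the legacy zone
    proto: str
    port: int
    window: tuple = ()  # (weekday, start, end); empty means always permitted

# Constructed allowlist for a legacy zone behind a security router.
POLICY = [
    Rule("scada-poll", "10.10.1.0/28", "10.20.0.0/24", "tcp", 502),
    Rule("engineering", "10.10.5.10/32", "10.20.0.0/24", "tcp", 102),
    # Remote service only on Saturdays (weekday 5), 06:00 to 10:00.
    Rule("remote-service", "10.99.0.0/29", "10.20.0.15/32", "tcp", 102,
         (5, time(6, 0), time(10, 0))),
]

def evaluate(ts, src, dst, proto, port, policy=POLICY):
    """Default-deny check of one connection against the allowlist."""
    reason = "no-rule"
    for r in policy:
        if not (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and proto == r.proto and port == r.port):
            continue
        if not r.window:
            return "allow", r.name
        day, start, end = r.window
        if ts.weekday() == day and start <= ts.time() < end:
            return "allow", r.name
        reason = f"{r.name}:outside-window"  # matched, but wrong time
    return "deny", reason

# Constructed log lines: timestamp src dst proto dport
SAMPLE = [
    "2024-06-01T07:30:00 10.99.0.2 10.20.0.15 tcp 102",
    "2024-06-03T14:00:00 10.99.0.2 10.20.0.15 tcp 102",
    "2024-06-03T14:01:00 10.10.1.5 10.20.0.20 tcp 502",
    "2024-06-03T14:02:00 10.10.7.44 10.20.0.20 tcp 23",
]

def audit(lines):
    """Return (line, verdict, reason) for every logged connection."""
    out = []
    for line in lines:
        ts, src, dst, proto, port = line.split()
        out.append((line, *evaluate(datetime.fromisoformat(ts), src, dst, proto, int(port))))
    return out
```

Denied entries with an `outside-window` reason are the ones worth forwarding to the central Syslog or SIEM system, since they show a permitted remote-service path being used outside its agreed window.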

Collaboration based on clear processes

Certified devices alone are not enough; they only reach their full potential within a coordinated system architecture based on IEC 62443 principles such as defense in depth, zoning, defined communication paths, and consistent hardening. Moreover, all stakeholders (operators, integrators, and manufacturers) must follow clear processes and share a common understanding. Companies like Phoenix Contact support this by pairing certified products with secure development practices, solution architectures, and incident‑response structures.

Phoenix Contact offers a holistic 360-degree security concept

Operators gain end‑to‑end security concepts that extend beyond individual devices. IEC 62443 helps them comply with new legal requirements, including the Cyber Resilience Act, since it already addresses many of those obligations.

Industrial cybersecurity is an ongoing process, not a fixed state. Certified components provide a strong foundation by enabling networks built to recognized standards, reducing threats, and supporting regulatory compliance. As digitalization and standardization increase, certified security components have become essential for stable industrial value creation.
