Site Search
Semiconductor business menu
Semiconductor business
HOME
Macnica 's
Products & Services
Technical Information
Case Study
event·
seminar
Handling Manufacturer
Support

Narrow down by specifying conditions

現在2149件がヒットしています。check

New article
foundation
design
product pick up
Product Security Design Utilizing Industrial PCs (IPCs): Why Adopting IEC 62443-4-2 Compliant Products is Important Now
Product Pickup Terminal Security

*The term "industrial PC (IPC)" used in this article includes not only finished products that are installed directly on-site, but also industrial PC platforms intended for integration into products, such as Box PCs, Embedded PCs, and CPU modules.

In recent years, incorporating security features into products is no longer limited to specific industries or applications. As product configurations that rely on external connectivity become commonplace, the need has moved beyond simply "implementing minimum security measures" to product development that incorporates security requirements from the initial design stage. Meanwhile, as exemplified by the EU Cyber Resilience Act (CRA), cases where security compliance is required by law have already become a reality. The CRA came into effect in December 2024, with the main obligations taking effect from December 2027 and the vulnerability reporting obligation from September 2026. Therefore, for manufacturers targeting the European market, security compliance is no longer a "future challenge," but is becoming a prerequisite that must be incorporated into design and procurement decisions now.

Thus, in current product development,
Security as a means of regulatory compliance
Security as part of product quality and reliability
In addition,
- Security for procurement requirements and customer explanations
This perspective can no longer be ignored, especially in the industrial sector. IEC 62443 It is likely that the status of series compatibility and the presence or absence of third-party certification will increasingly influence product adoption and accountability within the supply chain.

The reality of integrating security into products: From CRA compliance to general security.

While compliance with standards and regulations such as CRA and IEC62443 is attracting attention, the importance of security is not determined solely by whether or not there are regulations. However, CRA is particularly important for equipment manufacturers because it imposes cybersecurity requirements on products with digital elements, encompassing design, development, maintenance, and vulnerability response. The main obligations will be applied from December 2027, but it will be too late to respond at that point; in reality, preparations should begin from the design, component selection, and evaluation stages. Considering vulnerability response throughout the entire product lifecycle and explainability including procured components, security response should be viewed not only as the implementation of individual functions, but as a design issue for the entire development process.

On the other hand, even for products that are not directly required to comply with legal regulations such as CRA, there is a definite increase in cases where security cannot be ignored due to demands from customers, business partners, and system owners. Rather than adding elements such as encryption, authentication, secure boot, and vulnerability countermeasures as afterthoughts, it is necessary to decide at which layer security will be ensured from the design stage. As a criterion for making such decisions, IEC 62443-4-2, which organizes the technical security requirements required for components, is a valid reference point regardless of whether or not regulatory compliance is required.

From device-centric design to industrial PC-centric design.

As mentioned earlier, designing a system that builds security measures starting from device selection is burdensome even with general products, and the burden increases even further when considering CRA compliance.
What needs to be considered here is not "how to implement security measures," but rather the design premise of "at which layer will security be ensured."

Of course, this doesn't mean that the approach of implementing security features starting from the chip or SoC is inherently problematic. It's an effective method when optimization tailored to product characteristics and addressing unique requirements are easy, and when you want deep control in-house. A viable alternative is the approach of considering product security starting from the industrial PC. An industrial PC is not just an SoC alone, but a component that meets certain functional and design requirements. By starting from this layer, security measures can be treated as a prerequisite during selection, rather than something that is "built in later on in-house." This is not to negate chip-based design, but rather to choose a layer that can provide more efficient security depending on requirements, organizational structure, and development schedule.

In other words, manufacturers can more easily clarify what is guaranteed by the components and what is handled by their own products, rather than designing and verifying everything from scratch. As a result, this leads to reduced development costs and man-hours, shorter time required for compliance verification, and easier external explanations. From this perspective, the next section will organize how industrial PCs and embedded modules compliant with IEC62443-4-2 are positioned and what their compliance status is. We will also look at why this information leads to reduced man-hours in product selection, shorter time to market, and improved reliability.

Positioning and compliance status of industrial PCs compliant with IEC62443-4-2

Security-compliant product information

This is a security product information document that summarizes the level of compliance of industrial PCs with IEC62443-4-2. It allows you to view compliance status in a list format, categorized by vendor and product category.

IEC 62443-4-2 is an international standard that defines the necessary security function requirements for components incorporated into control systems, and is increasingly being treated as an indicator highly compatible with CRA compliance and procurement requirements. In the product information shown in the diagram above, the compliance status with IEC 62443-4-2 is organized into Certified, Compliant/Process Certified, Ready, and Not Applicable/No Information. By looking at this classification, you can understand what can be guaranteed by the embedded module and what needs to be supplemented by your own design.

Furthermore, because it allows you to view multiple product categories such as SBC/COM, Box PC/Gateway, PLC, and HMI, the information can be used as a basis for product selection and decision-making at any stage of the process, from the initial design phase to detailed design and procurement considerations.

4-2 Three Benefits of Adopting Certified Products

① Significant reduction in development costs and man-hours
Designing, verifying, and gathering the necessary evidence for security features from scratch in-house is a significant burden. By adopting devices that are IEC62443-4-2 certified or have equivalent security features, you can rely on the performance and evaluation results of the components themselves to some extent, making it easier to reduce the design and verification burden on the higher-level system.

② Shorten the time to market.
Verifying compliance with regulations such as CRA and customer requirements requires not only expertise but also time. By adopting devices that already meet certain requirements, you can reduce the risk of verification and rework in later processes, leading to a faster product launch.

③ Trustworthiness and competitiveness in the global market
IEC 62443 is an international reference standard for the security of industrial control systems. Adopting certified devices provides objective, third-party security assurance, which is effective for explaining to customers and differentiating your products. This explainability becomes a significant competitive advantage, especially in international markets and with large clients.

Summary: Product security design should be considered from the component selection stage.

Integrating security into products has become an unavoidable topic in current product development, not only when compliance with legal regulations such as CRA is required. However, there is no single way to ensure security. One approach is to meticulously build security in-house, starting from the chip or SoC, while another is to utilize IPCs or embedded modules that meet certain requirements. The important thing is not which is absolutely superior, but to determine which layer of security is most rational, taking into account the requirements of your own product, development structure, accountability, and time to market.

Given this background, it becomes crucial to reconsider product security from the perspective of "how to implement it" to "where to ensure it." Industrial PCs with a clear understanding of IEC62443-4-2 compliance are one piece of information that can help in making this decision. By checking this information from the device selection stage, it becomes possible to consider product security design that takes into account the man-hours and explanation burden in later processes.

Inquiry

If you have any questions regarding the industrial PCs mentioned in this article, please contact us using the information below.

Contact Us

Related Information

Accelerate your response to the European Cyber Resilience Act (CRA) with our semiconductor security solutions
Where should I start with CRA countermeasures? - A one-stop consultation service for design, vulnerability response, and handling of old equipment -