CRA Compliance Solution: netX Hardware-Level Security Defense
In an increasingly connected world where cyberattacks are becoming more sophisticated, the European Union set new standards for cybersecurity in 2019 with the Cyber Resilience Act (CRA).
This regulation aims to minimize security risks and establish binding requirements for manufacturers, integrators, and operators. Companies in the automation and manufacturing industries are particularly affected, as their systems are increasingly networked and software-driven.
The CRA came into force at the end of 2024, and many companies are already working intensively on its implementation.
![CRA]( "CRA")
The costs and effort for implementing the CRA cannot be generalized, as they depend heavily on how early companies have integrated security-by-design into their development processes. Companies already applying secure architectural principles will face less adjustment than those just beginning to retrofit cybersecurity.
In terms of competitiveness, there is a clear divide: machines and devices that are not cyber-secure will face massive disadvantages in the market. Customers and operators will increasingly rely on certified, CRA-compliant products to minimize regulatory risks.
![CRA]( "CRA")
One example is our netX 90 communication controller, which already integrates comprehensive security mechanisms. This enables secure communication solutions to be implemented directly—a clear advantage over older chip generations that lack or only partially support such functionality.
But it’s not just products that are affected—existing network technologies must also be reconsidered. Fieldbus technologies, traditionally designed for isolated systems, are now considered inherently insecure under the new regulations and are difficult to make CRA-compliant. Companies will be forced to establish secure network architectures, such as firewall solutions, network segmentation, and strict access controls. In many cases, a complete transition to more secure, IP-based communication technologies will be necessary.
Those who adopt secure architectures, modern security mechanisms, and upgradability early will gain a clear long-term market advantage.
“The netX 90 chip generation that is already in use and well-established in the industry meets all current security requirements,” asserts the CTO. “Advanced security mechanisms are integrated into the chip.” These network processors are specifically designed to meet the security standards of IEC 62443 and the Cyber Resilience Act, providing a solid foundation for making communication within industrial IoT secure.
“Our netX 90, for example, includes secure boot mechanisms. Firmware can be signed on the application side, ensuring that no malicious software can be loaded,” explains the 42-year-old manager. The security issue is becoming more and more important in all product areas. Hilscher aims to ensure that all future security standards are met, including new security mechanisms for various communication protocols.
Hilscher takes it a step further with the new netX 900 generation. These secure gigabit communication processors integrate security mechanisms at various levels while offering high performance with low power consumption. The security management processing includes features such as Secure Debug, unique ID, key management, certificate management, lifecycle management, and a crypto engine.
“Security on the fly is integrated even in the data path, and done so effectively without compromising data transfer speed,” affirms T. Rauch. “The netX 900 features its own security processor with crypto engines.” He highlights that the new generation of communication controllers represents a highly optimized and coordinated combination of hardware and software.
“We have also integrated all secure boot mechanisms for the stacks,” he emphasizes. “When we develop communication controllers, we consider all requirements in detail. Attack vectors can already be embedded in the ROM code.” He continues, “As a comprehensive communication expert, we have everything under control and can address vulnerabilities at the most effective level.” These integrated technologies enhance security according to current standards, meet the requirements of IEC 62443, and even take into account secure data disposal during decommissioning. The user organization’s security standards are integrated.
The development of secure communication controllers like the netX 900, which offer secure boot and firmware signing capabilities, represents an important step in protecting industrial communication devices from unauthorized access. The first samples of the netX 900 family will be available at SPS 2024. Hilscher also places great importance on resilient supply chains: “We source the semiconductor chips we use, featuring 22-nanometer technology, from TSMC. These will soon be manufactured in Dresden and Japan. This ensures long-term supply chain security.”
In an increasingly connected world where cyberattacks are becoming more sophisticated, the European Union set new standards for cybersecurity in 2019 with the Cyber Resilience Act (CRA).
This regulation aims to minimize security risks and establish binding requirements for manufacturers, integrators, and operators. Companies in the automation and manufacturing industries are particularly affected, as their systems are increasingly networked and software-driven.
The CRA came into force at the end of 2024, and many companies are already working intensively on its implementation.
The costs and effort for implementing the CRA cannot be generalized, as they depend heavily on how early companies have integrated security-by-design into their development processes. Companies already applying secure architectural principles will face less adjustment than those just beginning to retrofit cybersecurity.
In terms of competitiveness, there is a clear divide: machines and devices that are not cyber-secure will face massive disadvantages in the market. Customers and operators will increasingly rely on certified, CRA-compliant products to minimize regulatory risks.
One example is our netX 90 communication controller, which already integrates comprehensive security mechanisms. This enables secure communication solutions to be implemented directly—a clear advantage over older chip generations that lack or only partially support such functionality.
But it’s not just products that are affected—existing network technologies must also be reconsidered. Fieldbus technologies, traditionally designed for isolated systems, are now considered inherently insecure under the new regulations and are difficult to make CRA-compliant. Companies will be forced to establish secure network architectures, such as firewall solutions, network segmentation, and strict access controls. In many cases, a complete transition to more secure, IP-based communication technologies will be necessary.
Those who adopt secure architectures, modern security mechanisms, and upgradability early will gain a clear long-term market advantage.
“The netX 90 chip generation that is already in use and well-established in the industry meets all current security requirements,” asserts the CTO. “Advanced security mechanisms are integrated into the chip.” These network processors are specifically designed to meet the security standards of IEC 62443 and the Cyber Resilience Act, providing a solid foundation for making communication within industrial IoT secure.
“Our netX 90, for example, includes secure boot mechanisms. Firmware can be signed on the application side, ensuring that no malicious software can be loaded,” explains the 42-year-old manager. The security issue is becoming more and more important in all product areas. Hilscher aims to ensure that all future security standards are met, including new security mechanisms for various communication protocols.
Hilscher takes it a step further with the new netX 900 generation. These secure gigabit communication processors integrate security mechanisms at various levels while offering high performance with low power consumption. The security management processing includes features such as Secure Debug, unique ID, key management, certificate management, lifecycle management, and a crypto engine.
“Security on the fly is integrated even in the data path, and done so effectively without compromising data transfer speed,” affirms T. Rauch. “The netX 900 features its own security processor with crypto engines.” He highlights that the new generation of communication controllers represents a highly optimized and coordinated combination of hardware and software.
“We have also integrated all secure boot mechanisms for the stacks,” he emphasizes. “When we develop communication controllers, we consider all requirements in detail. Attack vectors can already be embedded in the ROM code.” He continues, “As a comprehensive communication expert, we have everything under control and can address vulnerabilities at the most effective level.” These integrated technologies enhance security according to current standards, meet the requirements of IEC 62443, and even take into account secure data disposal during decommissioning. The user organization’s security standards are integrated.
The development of secure communication controllers like the netX 900, which offer secure boot and firmware signing capabilities, represents an important step in protecting industrial communication devices from unauthorized access. The first samples of the netX 900 family will be available at SPS 2024. Hilscher also places great importance on resilient supply chains: “We source the semiconductor chips we use, featuring 22-nanometer technology, from TSMC. These will soon be manufactured in Dresden and Japan. This ensures long-term supply chain security.”
