Industrial data networks and connected devices are subject to cyber threats. Knowing the vulnerabilities is important to protect the systems. The design, location of use, commissioning, operation and maintenance of the system must consider numerous details and dependencies to achieve the required security level. Industrial systems typically use old and new systems and devices, different control systems and several DCS, SDACA and PLC cybersecurity levels. In cybersecurity, threat scenarios and protection methods are constantly changing, and therefore it is important to follow developments in the field and announcements from security authorities and manufacturers.
ELLEGO™ designs and manufactures devices used in electrical systems. Depending on the application, the devices are power supplies, battery chargers, DC-UPS devices, current supplies, or customized DC solutions. From a cybersecurity perspective, our devices are network edge devices, which are typically connected to a local control room. The cybersecurity features of our devices are implemented according to IEC 62443 security class 1 and embedded device type using wired TCP/IP/Ethernet connections. The main components and software of our devices are designed and manufactured in Finland. Some of our devices are implemented entirely with analog electronics, making them suitable for applications requiring high cybersecurity in the absence of digital cyber threats.
The application, local point of use, data network, and cybersecurity architecture determine several critical system features, such as the required security level, device interfaces, data transfer protocols, and physical protection on site. ELLEGO™ devices are adapted to local needs, and therefore our customers’ security requirements and system-level specific features are welcome topics for discussion. We share system-level recommendations for the integrators.
ELLEGO™ follows generally accepted cybersecurity principles, the most important being the EU CRA regulation, the IEC 62443-4 standard, IACS UR E27, the EU NIS2 directive, and the Finnish cybersecurity law. During the device design phase, we create application-specific threat models to select appropriate protection methods, apply proven protection methods, and verify the effectiveness of the protections. We have the process and reporting procedures for handling possible deviations and vulnerabilities. When necessary, we produce security bulletins and report on the progress of ongoing measures, and we cooperate with security authorities.
Please send cybersecurity-related inquiries and vulnerability reports to cert@ellego.fi
