Machine Security Training To comply with the Cyber Resilience Act (CRA) and the Machine Regulation 2023/1230, machine builders must implement cybersecurity measures for their machines to achieve CE marking by 2027. In line with the international cybersecurity standard IEC 62443, establishing the zone-and-conduit architecture is a fundamental and essential step in securing your machine.
This is a step‑by‑step hands-on training – guiding you through implementing IEC 62443 zone and conduit best practices – enabling you to quickly apply them to your system.
Your Benefits
- Implement effective security between external networks, operator workstations, HMIs, PLCs, safety systems, IoT devices, remote access, and on‑site service ports.
- Enable machine‑level remote access control instead of cloud-based authorization.
- Apply consistent security for both remote access and on-site service ports.
- Receive practical advice from our network and cybersecurity specialist.
- Achieve ready‑to‑use results that can be quickly integrated into your machine systems.
Training Agenda
8:00 – 12:00
IEC 62443 Zones And Conduits Theory
- What and why IEC 62443 Zones and Conduits
- Machine safety and cybersecurity – prEN50742
- Best practice recommendations
Segment Machine Network Hands-on 1
- Create internal zones using a single Ethernet switch
- Manage internal zones across multiple switches
- Isolate the on-site service port to an untrusted zone
Secure Remote Access To Machine Hands-on 2
- Access to only the required zones – not the entire machine
- Enforce 2FA and strong password policies
- Isolate remote access to an untrusted zone
13:00 – 16:00
Restrict Machine Data Flow Hands-on 3
- Make firewall rules easy-to-read, easy-to-manage
- Implement firewall rules to control internal data flow
- Implement firewall rules to limit external access
Against Unauthorized Human Access Hands-on 4
- Apply deny by default, allow by exception
- Implement user access control and least privileges
- Consistent restrictions for both remote and on-site access
Make The Best Practices Yours Consultation
- Review your system architecture
- How to apply the best practices to your system
- Guidance from our network and cybersecurity specialist
Participants and Place
To ensure the highest training quality, we accommodate up to four participants, organized into pairs. Participants should have basic networking knowledge and prior experience with configuration tasks.
The location is your choice — either at a Phoenix Contact office or at your own facility.
Price and Registration
Price: applied per participant (minimum 2, maximum 4 participants), plus travel costs if travelling to your site. Please contact your sales representative or email obarovsky@phoenixcontact.com, +37069143322 for pricing, further details, and to schedule a suitable date.
Training Outcomes Hands-on Topology. Hands-on Equipment. Practical Advice from Expert.
Why Phoenix Contact
Cybersecurity is a journey and Phoenix Contact is your trustworthy supplier with a leading pace towards NIS2, CRA, IEC 62443. We develop technologies and manufacture security products and use them to secure our worldwide production sites – as well as yours.
Cybersecurity requires a holistic approach. Our 360O security, from product, solution to service, is a fast track for securing your system with Network, Safety, Automation, and IIoT – all from one place.