Danfoss drives help you comply with cybersecurity requirements

Final EU implementation of the NIS 2 across the different member states is expected in early 2025. With the NIS 2 Act, the owner of an installation assumes responsibility for its resilience to attacks from outside, by specifying the measures to be taken and the security levels.

Here, the standards IEC 62443 introduce a process to identify the 'Security Level' needed and give guidelines on how to achieve the necessary security level to protect the installation adequately.

To achieve the cybersecurity certification and comply with the requirements of NIS 2, Danfoss takes the following steps:

1. Meticulous documentation of all processes from development to production. This includes purchasing components, developing software, creating software tools, and managing production processes. These processes are continuously audited to ensure that no security risks are introduced.
2. Thorough examination of each product to identify potential threats.
3. For every identified threat, Danfoss develops mitigation measures, either through software solutions or special cyberchips that prevent unauthorized access or unauthorized tampering with the installed software.

When Danfoss delivers a product, we have done our outmost to protect your installation but still keep the product simple to use. If your installation is not impacted, you are able to use our product as you have always done. But we still want you to know that our products are designed to be cybersecure.

Danfoss VLT® drives are primarily used to control physical processes in operational facilities. For this reason, Danfoss uses requirements in IEC 62443 to implement products in scope for cybersecurity:

• IEC 62443-3-3: Technical requirements for control systems (where VLT® drives are subcomponents)
• IEC 62443-4-1: Secure product development lifecycle processes (processes for development and manufacturing).
• IEC 62443-4-2: Technical requirements for components (VLT® drives)