EtherCAT & Cybersecurity

Integrated Security for Industrial Networks

With increasing regulatory requirements such as the Cyber Resilience Act (CRA), cybersecurity is becoming increasingly important in industrial communication. EtherCAT offers a decisive advantage here: The technology is inherently robust against cyberattacks and already meets the requirements of international standards such as IEC 62443.

Why EtherCAT inherently meets security requirements

Unlike many other fieldbus and Industrial Ethernet systems, EtherCAT does not rely primarily on downstream IT security measures, but on a secure system architecture:

• Minimized attack surface through hardware-based frame processing without a traditional software stack
• No IP-based communication – protection against typical malware attacks
• Clear communication hierarchy: Frames can only be generated by the MainDevice
• Effective detection of manipulations in topology and devices
• Many types of attacks, such as DoS, are ineffective

These features prevent numerous attack scenarios right from the outset – without adding complexity or compromising performance.

Compliance with international security standards

EtherCAT systems already meet the requirements of Security Level 2 according to IEC 62443-3-3 – without any modifications to the protocol.

• Assessed and certified by independent testing bodies (including UL Solutions)
• For higher security requirements (Security Level 3), only software extensions are necessary
• No changes to existing hardware required

This makes EtherCAT ideally prepared for future regulatory requirements such as the CRA.

Security without compromising on performance or complexity

Other approaches follow two strategies: Either the network must be physically shielded (“Secure Cell”) so that no one – not even operating personnel – can access the network and its components. Alternatively, additional security mechanisms are implemented, up to and including comprehensive encryption in each individual device. This is then associated with:

• greater system complexity
• complex certificate management
• reduced performance

EtherCAT takes a different approach:
As much security as necessary – with maximum efficiency and ease of use.

For applications with exceptionally high security requirements, EtherCAT is extended with additional security features such as authenticated, quantum-secure encryption in a backward-compatible manner – without any complex certificate management.