Key Takeaways
- EtherCAT technology, as tested by UL Solutions, already satisfies IEC 62443 Security Level 2 requirements without any hardware modifications.
- The IEC 62443 family (especially IEC 62443‑3‑3) serves as the technical foundation for the upcoming European Cyber Resilience Act.
- Higher security levels can be reached on EtherCAT solely through targeted software enhancements; no changes to the physical layer or devices are required.
- UL mapped over 100 System Requirements (SR) from IEC 62443‑3‑3 to three representative EtherCAT system architectures and threat scenarios, confirming strong baseline compliance.
- Industry experts highlight EtherCAT’s “security‑by‑design” nature as a rarity among legacy industrial protocols, bridging the historic gap between IT and OT security postures.
- The findings provide a concrete basis for the EtherCAT Technology Group’s forthcoming recommendations and specifications for manufacturers and users.
- The content is supplied under the standard disclaimer of TIM Global Media, with suppliers warranting non‑infringement of third‑party rights.
Overview of UL Solutions Testing and Core Findings
UL Solutions conducted a comprehensive assessment of EtherCAT technology against the IEC 62443 cyber‑security framework for industrial control systems. The testing, performed in strict accordance with IEC 62443‑3‑3, yielded certificates and reports confirming that EtherCAT already meets the Security Level 2 (SL‑2) criteria without any alterations to the underlying hardware. This outcome underscores EtherCAT’s built‑in resilience to cyber threats commonly encountered in industrial environments, positioning it as a protocol that can be deployed today with confidence regarding baseline cyber protection.
Relation to IEC 62443 and the European Cyber Resilience Act
IEC 62443 is widely recognized as the international benchmark for securing industrial automation and control systems. Within this family, IEC 62443‑3‑3 defines the system‑level security requirements that guide risk assessment and mitigation strategies. The European version of IEC 62443 is slated to become the technical backbone of the forthcoming European Cyber Resilience Act, which will mandate cyber‑risk management for critical infrastructure. Because EtherCAT demonstrably complies with IEC 62443‑3‑3 at SL‑2, it is already aligned with the regulatory expectations that will soon be enforced across the EU, giving manufacturers a clear pathway to future conformity.
Hardware Independence and Software‑Driven Hardening
A pivotal insight from the UL investigation is that achieving SL‑2 compliance does not necessitate any hardware redesign. EtherCAT’s physical layer and device firmware already incorporate security mechanisms—such as authenticated communication, integrity checks, and access control—that satisfy the baseline SL‑2 controls. For organizations seeking higher security postures (e.g., SL‑3 or SL‑4), the report indicates that targeted software enhancements—like strengthened encryption, refined user‑role management, and advanced intrusion‑detection logic—are sufficient. This flexibility allows end‑users to scale security incrementally without incurring costly hardware replacements or lengthy re‑qualification cycles.
Evaluation Methodology: Mapping System Requirements to Scenarios
To substantiate its conclusions, UL mapped more than 100 individual System Requirements (SR) from IEC 62443‑3‑3 to three representative EtherCAT system architectures, each reflecting a distinct threat scenario typical of industrial settings (e.g., plant‑floor automation, motion‑control networks, and distributed I/O infrastructures). For each scenario, analysts evaluated the degree to which EtherCAT’s native features satisfied the corresponding SRs, documenting compliance, partial compliance, or gaps. The exhaustive mapping revealed that the majority of SRs were fully met out‑of‑the‑box, with only a limited set requiring supplemental software controls to reach full conformity. This systematic approach provided a transparent, repeatable basis for the security claims made in the UL certificates.
Perspective from UL Solutions Security Advisor
Alexander W. Koehler, Principal Security Advisor for Cybersecurity at UL Solutions, praised EtherCAT’s security posture, noting that the protocol exhibits “security capabilities and enablement‑by‑design as well as hardware‑implemented security, which is second‑to‑none in the category of industrial protocols.” He contrasted the historical disconnect between IT and OT security—where IT requirements often stem from short product lifecycles of office equipment while OT systems endure decades of service—highlighting that many legacy industrial products lack adequate security. EtherCAT, he argued, stands out as a positive exception, offering a robust foundation that can be leveraged to harmonize IT and OT security practices without forcing a complete overhaul of existing installations.
Insight from the EtherCAT Technology Group Chair
Dr. Guido Beckmann, Chair of the Technical Committee of the EtherCAT Technology Group (ETG), echoed the UL findings, stating that the extensive investigations confirm the ETG’s own assessment: EtherCAT already delivers a high level of cyber‑security protection for today’s industrial applications. He emphasized that the tested and documented features and measures form the basis for the recommendations and specifications the ETG is developing for manufacturers and users. According to Dr. Beckmann, the results will guide the evolution of EtherCAT‑based products, ensuring that future releases continue to meet—and where possible exceed—emerging cyber‑resilience standards while preserving the protocol’s real‑time performance advantages.
Disclaimer and Closing Remarks
The material presented herein is published by TIM Global Media and may include text, images, or videos created in‑house or supplied by approved manufacturers and suppliers. Those suppliers warrant that their content does not infringe any third‑party intellectual‑property rights and agree to indemnify TIM Global Media against related claims. In summary, the UL Solutions validation demonstrates that EtherCAT’s intrinsic security architecture satisfies current IEC 62443‑SL‑2 requirements, can be aligned with forthcoming European cyber‑resilience legislation, and offers a clear, software‑centric path to higher security levels without hardware changes. This positions EtherCAT as a forward‑looking, secure choice for industrial automation projects seeking both performance and resilience.