Last edit: 26/07/2023
ISO/TR 22100-4: 2018 – Safety of machinery — Relationship with ISO 12100 — Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects.
Introduction
The Technical Report is part of a series of 5 documents that help the machinery manufacturer to better perform the Risk assessment of its products. In other terms they are good documents to be used with ISO 12100.
ISO/TR 22100-1: 2015 – Safety of machinery — Relationship with ISO 12100 — Part 1: How ISO 12100 relates to type-B and type-C standards.
ISO/TR 22100-2: 2013 – Safety of machinery — Relationship with ISO 12100 — Part 2: How ISO 12100 relates to ISO 13849-1.
ISO/TR 22100-3: 2016 – Safety of machinery — Relationship with ISO 12100 — Part 3: Implementation of ergonomic principles in safety standards
ISO/TR 22100-5: 2021 – Safety of machinery — Relationship with ISO 12100 — Part 5: Implications of artificial intelligence machine learning
The primary purpose of ISO TR 22100-4 is to address aspects on safety of machinery that might be affected by IT security attacks related to the direct or remote access to a safety-related control system by persons for intentional abuse (unintended uses).
With European support for Industry 4.0, IT security attacks are increasingly becoming a threat to the safety of machinery. Although intentional abuse falls outside the scope of ISO 12100 and the risk assessment process, it is recommended that machinery manufacturers consider such threats.
IT security risk assessment is now mandatory with the new text of The Machinery Regulation, due to come into effect in January 2027. EHSR 1.1.9 details the new prescriptions.
Current technologies enable machinery suppliers to monitor and/or improve machine performance remotely by adjusting parameters without having to be on site at the machine. This ability provides considerable benefits as machinery can be kept operating without the downtime and associated costs of a field service person making a service call. However, this same capability to adjust machine parameters to improve performance lends itself to the possibility for other persons with nefarious or criminal intent to make adjustments that can put workers and others at risk of harm.
For example, speeds or forces could be adjusted to dangerous levels, temperatures could be lowered below a kill step level resulting in food contamination, or error codes or messages could be erased or falsified.