Our preventive approach combines early vulnerability management, robust architectures and services that are geared towards your processes – including training for your teams.

This allows you to reduce risks proactively! Transparent communication, professional services and training as well as clear, certified processes give you consistent control over the security of your systems.

Vulnerability management

Early detection and assessment of weak points – for a secure supply chain.

Digital products often contain complex components that can have potential vulnerabilities, for example due to human error. We identify vulnerabilities at an early stage and assess them according to international standards such as the Common Vulnerability Scoring System (CVSS). Particularly critical vulnerabilities that are already being actively exploited require rapid action. As a CVE Numbering Authority (CNA), ABB enters vulnerabilities directly into the international CVE database and ensures transparent communication along the entire supply chain.

Software bill of materials (SBOM)

Transparency regarding the software components used.

The software bill of materials (SBOM) allows tracking of vulnerabilities in third-party components and compliance with license conditions. B&R creates SBOMs for products as part of the secure development process – you can request them from our support team if required.

Customized training

Know-how for your teams.

B&R offers practical training and online courses, for example covering system hardening and secure development processes with Automation Studio. In this way, you can strengthen your cybersecurity expertise and fulfill your role in the digital supply chain.


Security advisories

Current information and concrete recommendations for action.

Security advisories from B&R provide timely information about new vulnerabilities and offer technical details as well as information about specific mitigation options. Thanks to the close connection to ABB's role as CNA, vulnerabilities can be quickly identified and communicated. In this way, we help you to realistically assess risks and take targeted action.


CRA and IEC 62443

Certified processes for maximum security.

Certified development processes in accordance with IEC 62443-4-1 help ensure that our products address the requirements of the Cyber Resilience Act (CRA) and other industry-specific regulations.

TÜV Rheinland certificate and appendix to certificate

Security testing

Internal and external tests to maximize robustness.

B&R products undergo comprehensive three-stage testing. This takes place both during product development and on an ongoing basis. Internal testing includes independent threat mitigation, stress tests and fuzzing tests. When testing, ABB's Device Security Assurance Center (DSAC) focuses primarily on load tests, stress tests and robustness against invalid or manipulated data traffic and known attack patterns. In addition, external specialists carry out independent penetration tests on an ongoing basis. These results are incorporated into security advisories, meaning our customers are constantly informed of new security information.

Code signing certificates

Gain confidence through tested software integrity.

Patch management is a critical moment in the security process. B&R digitally signs all software packages so that their origin and integrity can be verified at any time. This protects your systems from manipulation and malware – especially during updates.


Guidelines

Clear guidelines and reference architectures for secure automation.

Our guidelines support machine builders when systematically evaluating their systems to ensure that they are secure. In addition to general and product-specific security measures, we offer access to central support platforms such as Automation Help and integrated assistants such as Copilot in Automation Studio. The reference architecture developed together with ABB colleagues is based on the defense-in-depth principle and increases the resilience of your automation solutions.


Contact our Cybersecurity team

Would you like to report a vulnerability or security issue in a B&R product? Please send us an encrypted email using our PGP key.

Anonymous contact to a Computer Emergency Response Team (CERT)

If you discover a vulnerability relating to a B&R product and would prefer not to contact B&R directly, we recommend contacting ICS-CERT, a different national CERT or another coordinating organization instead.
