IEC 62443 in Robotics: Cybersecurity for Connected Fleets
The networking of service robots in hospitals, hotels, and logistics centers creates new attack surfaces. Learn why the IEC 62443 standard forms the foundation for safe operation.
Logistics center, 03:15. The night shift is in full swing. An autonomous yard patrol robot scans the fence area. Suddenly, the werob Cockpit reports an anomaly in network traffic. Thanks to implementation according to IEC 62443 standards, the affected communication node is isolated before potential access to the SAP EWM system can occur. Operations continue without interruption.
In modern robotics, cybersecurity is not an optional feature, but the prerequisite for operational continuity. In a world where robots are directly integrated into the IT infrastructure of companies, IEC 62443 provides the necessary framework to prevent downtime and protect sensitive data.
Key Takeaways
- IEC 62443 is the indispensable standard for the cybersecurity of connected robot fleets and protects against operational failures.
- The EU Machinery Regulation 2023/1230 makes cybersecurity a legal obligation for all robot operators from 20 January 2027.
- As a systems integrator, werob offers a validated compliance path and securely integrates robots into the existing IT stack within eight weeks.
What is IEC 62443 and Why is it Critical for Robot Operators?
The IEC 62443 series of standards deals with the security of industrial communication networks and IT systems. While classical IT security (ISO 27001) focuses on data protection, IEC 62443 focuses on the availability and integrity of physical processes. For operators of robot fleets, this means: a hacked robot is not only a data leak, but a potential safety risk for employees and infrastructure.
In modern robotics, devices are no longer isolated. They communicate with elevators, doors, and ERP systems such as SAP EWM or hotel management software such as Opera PMS. Each of these interfaces is a potential point of attack. werob acts here as a hardware-agnostic systems integrator that ensures that the over 44 OEM partners in the catalog are integrated not only functionally, but also securely from a network perspective. Without a standard such as IEC 62443, companies risk that a single vulnerability in a robot endangers overall operational safety.
Complexity increases when different manufacturers are combined in one fleet. This is where the werob platform comes in: the Spec Engine translates operational requirements into technical specifications that already take into account the necessary security zones according to IEC 62443. This reduces the risk of misconfigurations and ensures that the fleet is resilient against external attacks from the start.
The EU Machinery Regulation 2023/1230 and the Security Mandate
A decisive turning point for all operators in Europe is 20 January 2027. On this day, the EU Machinery Regulation 2023/1230 becomes binding. It replaces the old Machinery Directive and for the first time imposes explicit cybersecurity requirements on machines. Robots placed in operation after this date must demonstrate that they are protected against corruption and unauthorized access, insofar as this could impair the safety of the machine.
IEC 62443 serves here as a harmonized standard for demonstrating conformity with the regulation. werob offers the necessary compliance path for operators wishing to deploy robots from Asian or American OEMs. Since many of these manufacturers do not maintain direct branches for conformity assessments in the EU, werob, as a local systems integrator, takes responsibility for regulatory protection. This is particularly critical for industries such as care or logistics, where failures have direct economic or human consequences.
Anyone who ignores the requirements of the EU Machinery Regulation risks not only fines from 2027, but also the loss of operating approval for their robot fleet. Integration via werob ensures that all regulatory hurdles are cleared in advance, so that the focus can be on operational relief.
Economic Risk: What a Cyber Incident Really Costs
Cybersecurity is often seen as a cost factor, but reality shows that the costs of an outage are much higher. Let us consider a logistics center with a yard patrol. The verified cost relief through such a robot is EUR 68,000 per year. A one-week outage due to a cyber attack not only destroys productivity, but causes additional costs for emergency personnel and system recovery.
In care, the risk is even clearer. An automated medication round relieves a location by EUR 92,000 per year. If these systems are compromised due to a lack of protection according to IEC 62443, patient care is at stake. werob minimizes this risk through the Live Cockpit, which uses a four-dimensional traffic light system. Not only hardware and infrastructure are monitored, but also regulatory compliance and the integrity of the specification are checked in real time.
werob's commercial model is outcome-only. This means that operators only pay when the robot runs productively and safely. This orientation forces us as integrators to consider cybersecurity as a core component from the start, as an insecure system cannot deliver a stable result.
Defense-in-Depth: The Architecture of Secure Robot Integration
IEC 62443 recommends a defense-in-depth concept in which multiple security layers are combined. In the werob architecture, this starts with the Connectors. These pre-built integrations into the operator stack (such as PointClickCare, MatrixCare, or SAP EWM) act as secured gateways. Data is transmitted encrypted and access rights are strictly granted according to the principle of least privilege.
Another aspect is the segmentation of the network into zones and conduits. A robot in the hotel industry responsible for room service (cost relief EUR 112,000 per year) should not have access to the hotel's accounting system. The werob platform ensures that communication between the robot and Opera PMS takes place via defined and monitored channels. This prevents an attacker from moving laterally in the network if an endpoint is compromised.
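A default-deny check of the zone-and-conduit model described above, as an added example that is not werob's code or text from the standard. The asset names, zone names, the intermediate gateway zone and the ports are constructed assumptions; the second function shows which zones a compromised robot could reach by chaining conduits.

```python
from collections import deque

# Constructed inventory: each asset belongs to exactly one security zone.
ZONE_OF = {
    "robot-17": "robot_fleet",
    "fleet-gateway": "integration_dmz",   # assumed gateway between robots and the PMS
    "opera-pms": "hotel_operations",
    "accounting-db": "finance",
}

# Conduits: the only permitted zone-to-zone paths, with the services allowed on each.
CONDUITS = {
    ("robot_fleet", "integration_dmz"): {("tcp", 8883)},      # robot to gateway
    ("integration_dmz", "hotel_operations"): {("tcp", 443)},  # gateway to PMS API
}

def check_flow(src, dst, proto, port):
    """Return (allowed, reason) for one observed or planned flow; default is deny."""
    zs, zd = ZONE_OF.get(src), ZONE_OF.get(dst)
    if zs is None or zd is None:
        return False, "unknown asset"
    if zs == zd:
        return True, "intra-zone"
    services = CONDUITS.get((zs, zd))
    if services is None:
        return False, f"no conduit {zs}->{zd}"
    if (proto, port) not in services:
        return False, f"service {proto}/{port} not allowed on conduit {zs}->{zd}"
    return True, "conduit"

def reachable_zones(start):
    """Zones reachable from `start` by chaining conduits (worst-case lateral movement)."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for (a, b) in CONDUITS:
            if a == zone and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen - {start}

if __name__ == "__main__":
    flows = [("robot-17", "fleet-gateway", "tcp", 8883),   # permitted conduit
             ("robot-17", "opera-pms", "tcp", 443),        # bypasses the gateway
             ("robot-17", "accounting-db", "tcp", 5432)]   # no conduit to finance
    for flow in flows:
        print(flow, check_flow(*flow))
    print("reachable from robot_fleet:", sorted(reachable_zones("robot_fleet")))
```

Running the reachability check whenever a conduit is added shows immediately if a change would put the finance zone within reach of the robot zone.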
Through the use of the werob Spec Engine, these security architectures are automatically created in the planning phase. Within 48 hours, operators receive a ready-to-deploy specification that takes into account all requirements of IEC 62443. This drastically shortens the discovery phase, which usually takes three to six months in the industry, while increasing the security level.
The Role of the Systems Integrator in Compliance
Many companies underestimate the effort involved in securing a robot fleet. A single OEM can only guarantee the security of its own device. However, the operator is responsible for the security of the entire system. This is where werob steps in as a systems integrator. We rank over 280 different robots against the customer's specific requirements and also evaluate their suitability for an IEC 62443-compliant environment.
Especially with humanoids from partners such as Apptronik, Figure AI, or Unitree, integration is complex. These highly developed systems generate enormous amounts of data and need a stable, secure connection to the cloud or local servers. werob ensures that these connections comply with European data protection standards (GDPR) and industrial safety standards. As a single point of contact, werob handles the coordination between the various OEM partners and the operator's IT department.
This hardware-agnostic approach prevents vendor lock-in and enables operators to always choose the best technology for their task without having to develop new security concepts each time. The werob platform offers a consistent operational layer that unifies security and compliance across the entire fleet.
Live Monitoring and Incident Response in the werob Cockpit
Security is not a static state, but a continuous process. The werob Cockpit is the central tool for fleet management and security monitoring. It offers a real-time view of all active robots in the 11 European countries where werob is operationally active. The integrated traffic light system warns immediately when a device deviates from its defined behavior pattern, which can be an indicator of a cyber attack or a technical malfunction.
In the event of a security warning, the Cockpit enables a quick reaction. Affected robots can be isolated or deactivated remotely to prevent further damage. This capability for quick incident response is a core requirement of IEC 62443 and the NIS2 directive. Since werob aims to have over 2,000 robots in the field by 2028, this automated monitoring is essential for scalability.
In addition, the Cockpit provides detailed audit logs that are essential for compliance checks and certifications. Operators can demonstrate at any time who accessed which systems and when, and that all security updates were applied in a timely manner. This significantly reduces the administrative effort for compliance departments.
Integration into the Operator Stack: Security through Standardization
A common weak point in robotics is proprietary interfaces that have to be laboriously programmed by hand. werob solves this problem through standardized Connectors. Whether PointClickCare in care, Mews in the hotel industry, or SAP EWM in logistics - integration takes place via validated paths that have already been checked for security.
This standardization has two advantages: first, it speeds up implementation to just eight weeks from initial contact to the robot in use. Second, it minimizes the risk of security gaps that often arise with individual software customizations. Each integration follows the best practices of IEC 62443 for data exchange between different system levels.
For an operator, this means: they do not have to worry about the technical details of encryption or authentication. werob delivers a turnkey solution that fits seamlessly into the existing IT landscape while adhering to the highest security standards. This is an essential part of our promise to efficiently and securely translate an operator's workflow into a robot specification.
The Path to a Secure Fleet in Eight Weeks
The process begins with the werob Spec Engine. Within 48 hours, your workflow is translated into a precise specification that already takes into account all regulatory requirements such as the EU Machinery Regulation 2023/1230 and IEC 62443. In the next step, the Supplier Match takes place, in which suitable robots are selected from over 44 OEMs. After five days, you receive a binding offer.
Implementation takes place within eight weeks. During this time, the necessary connectors are configured and the security zones in your network are set up. Since werob pursues an outcome-only model, you bear no financial risk during the build phase. You only pay when the robots safely and reliably fulfill their tasks.
In a time of acute skilled labor shortage, robotics offers an enormous opportunity for cost relief - whether through EUR 54,000 in savings on breakfast preparation in the hotel or EUR 76,000 through tray robots in gastronomy. With werob, you ensure that these innovations rest on a secure foundation and can also withstand the regulatory requirements in Europe in the long term.
FAQ
- What exactly does the IEC 62443 series of standards regulate?
- IEC 62443 defines technical and procedural requirements for the cybersecurity of industrial automation systems. It is divided into various areas that hold component manufacturers, systems integrators, and operators of the plants responsible for creating a holistic security architecture.
- Why is IEC 62443 relevant for care homes?
- In care, robots are increasingly deployed for critical tasks such as the medication round, which enables cost relief of EUR 92,000 per year. Since these robots access sensitive patient data and are networked with systems such as PointClickCare, protection according to IEC 62443 is essential to ensure patient safety and data protection.
- How are IEC 62443 and the EU Machinery Regulation 2023/1230 connected?
- The new EU Machinery Regulation requires the protection of machines against corruption and unauthorized access from January 2027. IEC 62443 is considered the primary standard whose compliance triggers a presumption of conformity for these new security requirements. werob ensures that your fleet follows this path.
- What role does werob play in implementing IEC 62443?
- werob acts as a systems integrator that closes the gap between robot manufacturers (OEMs) and operators. We implement the security requirements of IEC 62443 in the network architecture, configure secure connectors to the IT stack, and monitor compliance with the standards via the werob Cockpit.
- Are Asian robot manufacturers compatible with IEC 62443?
- Many Asian OEMs offer high-performance hardware, but often do not have the necessary European certifications or integration expertise. werob evaluates these partners in its catalog of over 44 OEMs and ensures through its own security layers and conformity assessments that these devices can be safely operated in European networks.
- What does securing a robot fleet according to IEC 62443 cost?
- At werob, there are no separate list prices for security. Our model is outcome-only. The costs for regulatory compliance and technical protection are included in the overall solution. You only pay when the system runs productively and securely, which offers maximum investment security.