Cyber security

The security functionalities of the IIoT devices are based on the requirements of BSI and IEC 62443-4-2.

The ifm IIoT controller is a freely programmable and thus very flexible product with a high degree of connectivity. Despite the wide range of supported protocols, the user always retains full control, allowing for comprehensive cyber security.






Restricted data flow

IIoT controller

  • Hardened Yocto-Linux distribution
  • Convenient update of the complete system (recovery system)
  • Backup & restore of the system configuration
  • User management via CODESYS
  • Individual rights management for both the programming system and the runtime system via CODESYS
  • Authentication to external cloud
  • Browser-based access to web visualisation via TLS-secured connection
  • Cloud communication only via TLS-secured connection
  • Identification of data sources in the cloud according to a readable name scheme
  • Separation of IT and OT networks using separate network connections
  • Communication of the software components via standard protocols (messaging/REST)


CODESYS Development System

  • Encryption of the application source code:
    Protect your application know-how with a password, dongle or X.509 certificates.
  • User management on the project level:
    Determine in detail the users authorised to read or write specific objects of your source code.
  • Encrypted communication between the CODESYS Development System and the controller:
    Use your automation device to protect data exchange against unauthorised access.

CODESYS Application Code

  • Access restrictions via application:
    Use a library to define at runtime when specific critical operations must not be performed.
  • Enable additional functions:
    Determine in detail the users authorised to execute or operate specific functions of the application.

CODESYS Visualization

  • User management for visualisations:
    Determine in detail whether a user is authorised to read or execute certain visualisations.
  • Encrypted communication for CODESYS WebVisu:
    Protect the data exchange between controller and browser.

CODESYS Runtime System

  • User management for controller access:
    Avoid risk of failure by clearly defining which user of the controller is authorised to start and stop the application or execute additional online functions.
  • Encryption and signing of executable application code:
    Protect your application against unauthorised reproduction or modification by means of a dongle or X.509 certificates.
  • Operation modes for executable application code:
    Protect yourself against unintentional operations on the running machine.
  • Interactive login on the target device:
    Avoid unintentional access to controllers in the network.
  • Easy exchange or recovery of controllers:
    Exchange failed systems and easily install a previously created data backup.
  • Encrypted OPC UA communication:
    Avoid unauthorised access to data provided by the CODESYS OPC UA server.

CODESYS Automation Server

  • Encapsulation of devices in the local network:
    Data exchange with the server exclusively via CODESYS Edge Gateway.
  • Encrypted communication:
    Data exchange between server and CODESYS Edge Gateway is end-to-end encrypted via TLS based on X.509 certificates.
  • Reliable user and rights management:
    Access to objects and information can be finely adjusted by means of object properties and user favourites – user favourites are secured in addition by two-factor authentication.
  • Complete transparency of actions:
    Recording of access events and changes via audit trail.
  • Protection of know-how:
    Signing/encrypting of source and compiled binary code via X.509 certificate, dongle or password.
  • Certified security:
    Regular security audits by external auditing agencies.