Proekspert enabled a leading industrial automation company to achieve Security Level 1 readiness for IEC 62443 – delivering compliance and market access without costly hardware redesigns.
Our client is a leading provider of industrial automation technology with a long-standing product portfolio trusted across sectors such as manufacturing, energy, and process industries. Their legacy drive platforms and configuration tools have enabled reliable operations for customers worldwide.
As new EU cyber regulations (Cyber Resilience Act) came into force, the client faced the challenge of certifying legacy industrial drives to comply with IEC 62443 – needed for continued market access.
The existing products relied on industrial communication protocols and a hardware architecture never designed with cybersecurity in mind, elevating both compliance and usability risks.
Our client set a clear goal: achieve Security Level 1 compliance without complex or costly product redesigns, safeguarding market access and daily operability for all users.
Proekspert partnered with the client to lead risk analysis and design security features for both legacy platforms and configuration tools.
Our team, drawing on deep embedded systems experience, identified vulnerabilities and implemented security controls directly in the firmware. For the configuration tool, our engineers integrated advanced access controls and secure authentication into the desktop application.
We balanced compliance, usability, and deployment realities across both solutions. For the platforms, we replaced complex certificate-based models with role-based access, robust audit logging, and streamlined password authentication – using Mbed TLS and STM Cryptolib for optimal hardware compatibility.
Throughout, we worked closely with end users and product owners to ensure the final solution supported both remote administration for larger clients and simple local setup for stand-alone applications.
The result: audit-ready security, transparent for certification, and practical for everyday operations.
Legacy platforms and configuration tools were upgraded with robust security features – role-based access management, reliable audit logging, and streamlined password authentication. The solution passed a TÜV SÜD security audit with no major deviations, verifying readiness for Security Level 1 certification under IEC 62443.
Crucially, all compliance upgrades were delivered via software – no hardware redesign, operational disruption, or ballooning production costs. Security settings are fully configurable for global clients and local installers, supporting flexible deployments tailored to each operating context. Proekspert’s approach delivered cost-effective, right-sized upgrades, consistently challenging features that didn’t fit business needs or ROI.
By modernizing security, our client gained lasting business advantages – not just compliance.
1 year+
C/C++, Microsoft Foundation Classes (MFC), Windows desktop application, role-based access control, audit logging, IEC 62443 compliance processes, vulnerability and penetration testing tools, Mbed TLS, STM Cryptolib. Threat modeling explored with IriusRisk