Cybersecurity for Safety Functions – Protecting Against Corruption in prEN 50742
Modern machines are often described as “safe by design.” And on paper, they usually are.
What the upcoming prEN 50742 adds is a missing but increasingly important layer: how to keep those carefully engineered safety functions effective when software, parameters, and connectivity can be altered, intentionally or by accident.
Why corruption has become a safety topic
prEN 50742 introduces the concept of corruption as any accidental or illegitimate modification of machinery data that could lead to a hazardous situation. This is broader than a classic cyberattack. It includes service mistakes, incorrect parameter downloads, firmware mismatches, or unintended configuration changes just as much as malicious tampering.
The key idea is subtle but important: vulnerabilities themselves do not create new hazards. What they can do, however, is weaken or bypass the risk-reduction measures that already exist. Because of this, the standard focuses on the impact on functional safety, not on guessing attacker motivation or probability.
What actually needs protection?
The starting point does not change: hazards and safety functions are still identified through the familiar EN ISO 12100 risk assessment. prEN 50742 then adds another perspective, looking at where corruption could enter the system.
This mainly revolves around three aspects:
- Connections – any physical or logical link capable of exchanging information. This can be obvious interfaces such as fieldbuses or Wi-Fi, but also temporary laptops, USB sticks, SD cards, or cloud services.
- Critical data – safety-related software, parameters, configurations, and safety communication whose manipulation could increase risk.
- Security context – how well the intended installation environment protects the machine, for example through network separation or controlled access.
In practice, only truly isolated machines fall outside this scope. For nearly everything else, connectivity becomes a safety-relevant entry point.
What does protection look like in practice?
Without going deep into the two formal compliance approaches in prEN 50742, the standard translates cybersecurity into a handful of very concrete expectations for designers and manufacturers:
- Identify and secure all interfaces that could influence safety behaviour.
- Record evidence whenever safety-relevant software or parameters are changed.
- Log such interventions automatically and keep traceability over time.
- Ensure that security mechanisms, such as integrity checks or cryptography, do not introduce unsafe delays or side effects.
- Make relevant software versions and configurations easily identifiable for humans, not only for tools.
Behind these measures sits the idea of Safety-Related Security Levels (SRSL), which scale the effort depending on exposure, from isolated systems with minimal requirements to machines connected to untrusted networks where stronger safeguards are expected.
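One way to meet the change-evidence, logging and identification expectations listed above, shown as an added example that is not taken from prEN 50742 or from innotec: a hash-chained change log with a short configuration ID a person can read off a display. The parameter names, interface label and user ID are constructed sample values, and the hash chain is an assumed design choice, not something the standard prescribes.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous digest" used by the first log entry

def config_id(params):
    """Short fingerprint of the active parameter set, readable by a human."""
    blob = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha256(blob).hexdigest().upper()
    return f"{h[:4]}-{h[4:8]}"

def _digest(entry):
    """Hash every field of an entry except its own digest."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_change(log, params, who, interface, name, new):
    """Apply a parameter change and record it automatically in the chain."""
    old = params.get(name)
    params[name] = new
    entry = {
        "seq": len(log), "who": who, "interface": interface,
        "param": name, "old": old, "new": new,
        "config_id": config_id(params),
        "prev": log[-1]["digest"] if log else GENESIS,
    }
    entry["digest"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log, params):
    """Return (ok, reason); flags edited or missing entries and unlogged changes."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev or e["digest"] != _digest(e):
            return False, f"log entry {i} altered or out of sequence"
        prev = e["digest"]
    if log and log[-1]["config_id"] != config_id(params):
        return False, "active parameters do not match last logged change"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: a service technician lowers a speed limit via USB.
    params = {"safe_speed_limit_mm_s": 250, "muting_enabled": False}
    log = []
    append_change(log, params, "service-tech-01", "usb", "safe_speed_limit_mm_s", 200)
    print(config_id(params), verify(log, params))
    params["muting_enabled"] = True  # change made outside the logging path
    print(config_id(params), verify(log, params))
```

An unkeyed chain like this catches accidental corruption and partial edits; resisting someone who can rewrite the whole log requires a keyed MAC, a signature, or a copy stored off the device.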
A safety-centric view on cybersecurity
Perhaps the most interesting shift is philosophical. prEN 50742 does not follow traditional IT security logic that revolves around likelihoods and attacker profiles. Instead, it stays firmly in the safety domain and asks simpler questions:
- What happens if this data is corrupted?
- How exposed is the safety function?
- How difficult would it be to compromise it?
For manufacturers, this does not mean becoming a full-scale cybersecurity organization overnight. It does mean adopting a systematic way to understand which data and interfaces are safety-critical, protecting them throughout the lifecycle, and leaving a clear trail whenever changes occur.
In that sense, prEN 50742 turns “cybersecurity for safety functions” from an abstract concern into something practical and manageable, a set of measures that help keep safety concepts trustworthy in an increasingly connected world.
At innotec, guidance, training, and practical templates are already being shaped around these principles and the prEN 50742 standard. Please get in touch for more information and expert guidance.
