TL;DR

• CRA introduces stricter cybersecurity requirements for connected systems.
• Direct OT-to-internet connectivity creates unacceptable risk.
• Industrial edge software provides a secure buffer layer.
• Protocol translation enables IT/OT interoperability.
• Secure edge architectures enable compliance and performance.

Why this matters now

As industrial organizations increase connectivity to support analytics and AI, traditional air-gapped approaches are becoming less practical. At the same time, new regulations like the Cyber Resilience Act (CRA) are increasing the requirements for secure system design and operation.

This creates a dual challenge: organizations must connect systems to remain competitive, while also ensuring that expanded connectivity does not introduce unacceptable cybersecurity risks.

As Daniel Smith and Alan Mathason explain in a recent article in Tech Briefs, exposing OT systems directly to external networks can be risky without the right architecture:

“If executed without careful engineering, exposing OT networks directly to internet connectivity creates unacceptable cybersecurity risk, an exacerbated challenge when navigating in the CRA era. Fortunately, modern technology provides a solution: industrial edge software.”

Industrial edge software, like Emerson’s PACEdge software platform and Movicon.NExT industrial software help teams operate more effectively at the IT/OT convergence without the risk of exposing critical systems to the outside world.

Takeaway: Secure connectivity in the CRA era requires purpose-built architectures that protect OT systems by design.

Building a bridge

Industrial edge software creates a secure intermediary layer between OT systems and external networks, allowing data to move without exposing critical assets.

“Edge software sits between OT networks and external networks, acting as a controlled buffer with secure inbound and outbound communications. The software can pull or receive pushed data from the OT network without exposing OT devices. It can also push predefined incoming data directly to control devices on the OT network.”

It is this push/pull capability that is key to security. Outbound data from OT travels through a secure, CRA-aligned, predefined pipeline. Conversely, any data intended for the internal OT network is extremely limited, allowing only bounded parameters, not open control commands.

The software can be leveraged alongside Emerson’s industrial PCs to provide a platform for advanced analytics and other critical industrial software to help drive operational excellence without introducing unnecessary latency that could delay or disrupt processes.

Takeaway: Edge software acts as a controlled bridge that enables connectivity without compromising OT security.

A universal translator

Industrial environments often rely on a mix of legacy systems and modern technologies, making communication between them difficult without translation layers.

“[Emerson industrial software solutions] can ingest data from more than 40 protocols, normalizing that information and republishing it in a modern, secure, open protocol like OPC UA or MQTT.”

By normalizing and republishing data, edge software makes it accessible to modern IT systems and analytics tools.

Takeaway: Protocol translation enables seamless integration between legacy OT systems and modern IT infrastructure.

Navigating complexity

As operations grow more complex, organizations must find ways to introduce modern technology without disrupting uptime or increasing cybersecurity risk.

Incremental adoption of secure edge architectures allows teams to modernize systems while maintaining control and compliance.

Takeaway: Incremental edge deployment enables secure, scalable modernization in complex industrial environments.