The Holistic Approach is Essential for Achieving Secure Production Environments

An IEN Europe interview with Laurent Liou, Product Marketing Manager, Moxa, specializing in OT network security and compliance with cybersecurity standards.

  • Laurent Liou, Product Marketing Manager, Moxa. Picture: Moxa
  • NPort 6000-G2 secure device servers support encrypted connectivity with TLS 1.2 and 1.3 and SSH, and are IEC 62443-4-2 Security Level 2 certified. Picture: Moxa
  • MXview One: discover and visualize network devices and connections, centralize configuration and manage firmware. Picture: Moxa

IEN Europe: What should a modern cybersecurity strategy for industry be able to achieve, in your view? What are the minimum requirements, both technically and from a regulatory perspective?
Liou:
The priority in industry should be resilience and operational continuity, not just compliance. A modern cybersecurity strategy must keep operations running safely even under attack, and it must provide evidence of what has been put in place.

NIS2 raises the bar on governance. Companies need to know what assets they operate, detect incidents early, and be able to demonstrate controls in an audit. For OT, IEC 62443 offers a clear structure, from secure development practices in 4-1 to technical component requirements in 4-2. The CRA complements this by reinforcing product lifecycle responsibility and supply chain diligence.

Practically, the path is incremental. Build an accurate asset inventory, segment the network, restrict communications to what is necessary, and harden critical junctions such as zone boundaries. Then use network management and logging to spot unexpected devices, detect abnormal behaviour, and support troubleshooting and audits. Finally, make the organizational model work. OT must actively support IT with clearly defined roles, because OT networks mix modern and legacy equipment and security changes must not disrupt production.

IEN Europe: Which key components and considerations are necessary for future-proofing? How can a company ensure that its protection remains up to date, particularly in the constantly evolving field of cybersecurity?
Liou:
Future-proofing is as much about reconciling the past as preparing for the future. We see this firsthand. Equipment we deployed fifteen years ago still runs on production lines, which is a real test of long-term support and interoperability. Every new generation must remain compatible with what came before, while supporting what comes next, such as SPE, TSN, or NAMUR Open Architecture.

Where we innovate, we still support open standards. Turbo Ring can achieve failover in under 20 ms, and RSTP and MRP are always available.

High-availability architectures remove the false choice between patching and continuity. With redundant hardware, communications stay up while one unit updates. Equally important is choosing vendors committed to long-term support, including software component transparency, vulnerability handling, and CRA reporting obligations.

IEN Europe: Which products and services does Moxa offer to potential customers in the fields of secure networks and secure industrial communication?
Liou:
No single product can secure an industrial network on its own. That is why we take a holistic approach that combines security-hardened devices, centralized management, and hands-on expertise.

On the device side, we offer one of the broadest portfolios of IEC 62443-4-2 certified products, encompassing all the key OT network building blocks. Depending on the model, this includes features such as deny-by-default policies, secure boot, and protections against misuse or denial of service. For example, our NPort 6000-G2 secure device servers support encrypted connectivity with TLS 1.2 and 1.3 and SSH, and they are IEC 62443-4-2 Security Level 2 certified. This helps bring legacy serial assets into a more secure network design.
For visibility and operations, MXview One is designed to discover and visualize network devices and connections, centralize configuration and firmware management for Moxa devices, and provide event notifications and reporting. With the security add-on, it can also support tasks such as deploying firewall policies and managing IPS pattern updates across supported devices.

Beyond products, our field teams support architecture design with customers, and we provide OT cybersecurity training. We also operate a Product Security Incident Response Team with a structured vulnerability management process. In addition, Moxa is a CVE Numbering Authority for Moxa products.

IEN Europe: What specific challenges are involved in retrofitting or upgrading security solutions for production facilities, which have a wide range of components and machinery of various ages? 
Liou:
The fundamental constraint of OT retrofitting is one every plant manager understands: The line cannot stop.

Visibility must come first. In a loosely segmented network, and the looser the segmentation the riskier any reconfiguration becomes, mapping communication flows is a prerequisite. Then place routers and firewalls at zone boundaries and restrict traffic to what is necessary. Add protections such as deep packet inspection, MAC allowlisting, and denial of service resilience where appropriate.
Legacy serial devices do not need to be replaced. A secure serial device server can provide authentication and encryption on the IP side, shielding older assets from the network.

Under the CRA, responsibility does not disappear when an upstream component reaches end of life. The manufacturer of the finished product remains accountable for lifecycle vulnerability handling, even when components age out. Early vendor dialogue helps, and segmentation plus IDS and IPS from the outset can turn an inevitable end of life into a manageable situation.

IEN Europe: In what ways can a secure network and communications infrastructure help with the development and implementation of new concepts and business models?
Liou:
A secure network and communications foundation makes new digital concepts practical in industrial environments. It allows operational data to be shared in a controlled way, without weakening the integrity of the control system that must keep running.

For example, NAMUR Open Architecture is designed to make production data usable for monitoring and optimization via a separate, secure channel, while leaving core process control unchanged. In practice, that works best when networks are segmented and data paths are clearly defined and monitored.

Certified platforms can also accelerate new applications. When an edge computer such as the UC-8200 is already IEC 62443-4-2 Security Level 2 certified, it can reduce the effort needed to build a security case for the underlying platform. Teams can then focus their validation on the application and its interfaces.

Finally, secure connectivity enables scalable operational models such as remote monitoring, condition-based maintenance, and vendor support. Access can be controlled, logged, and audited, which makes service contracts easier to operate consistently across sites and easier to justify from a risk and compliance perspective.

IEN Europe: Could you share an example of a customer success story?
Liou:
With pleasure. A process automation customer contacted us after IT introduced an IT-grade router at the OT and DMZ boundary, which caused a network breakdown. Tanks with unfinished reactions had to be emptied and cleaned, which created major costs and downtime. The customer then wanted to push IT out entirely. We advised against that. When something goes wrong, both sides need each other. We brought OT and IT to the same table and rebuilt the boundary together. MXview One gave IT the visibility they needed, such as event logs and audit trails, while OT retained operational control.

IEN Europe: Thank you for these insights!