AUTOMOTIVE MANUFACTURING

Secure Remote Access for Automotive Manufacturing OT: IEC 62443 Zone Isolation for Every Vendor Session

IEC 62443 requires a defined, monitored conduit for all vendor access to automotive factory OT. Xona is that conduit.
On February 28, 2022, a ransomware attack at a Tier-3 Toyota supplier halted 14 plants and 13,000 vehicles in a single day because the entry point was network access.
MITSUBISHI
BAKER HUGHES
GE VERNOVA
ALTAGAS
ALUAR

IEC 62443

JAMA/JAPIA

NIS2 Article 21

SOC 2 TYPE II

KUPPINGERCOLE LEADER 2025

20 min

Deployment per Plant

13,000

Vehicles Lost (Kojima, 1 Day)

40+

Countries Deployed

0

Agents on OT Endpoints
Xona-Automatic-Image

What the Kojima Incident Tells Automotive OT Security Teams

On February 28, 2022, Toyota Motor Corporation halted all 28 production lines across 14 domestic plants. The trigger was a ransomware attack at Kojima Industries, a Tier-3 supplier that produces plastic parts and electronic components for Toyota's just-in-time production system. Approximately 13,000 vehicles went unproduced in a single day.
The SANS 2025 OT cybersecurity survey ranked remote access among the top three OT vulnerability vectors. For automotive manufacturers, the specific exposure is the network access channel: OEM technicians accessing assembly line SCADA, Tier-1 integrators connecting to Allen-Bradley PLCs on EtherNet/IP, and robot vendors accessing KUKA and Fanuc controller interfaces.
The entry point was a supplier's network access. In a JIT supply chain, that is your exposure too.

How Xona Secures Automotive Factory OT

Session-brokered, protocol-isolated access for every vendor, every OEM technician, every maintenance window.

Protocol Isolation at the Gateway

  • EtherNet/IP, PROFIBUS, OPC UA, and Modbus traffic terminates at the CSG
  • Zero OT protocol data crosses to the vendor's side of the session
  • Wireshark capture on user-side interface shows zero OT protocol packets
Result

No lateral movement from one robot controller to the next. No protocol data exfiltration.

 

Identity-Driven Access Control

  • MFA enforced at the boundary before any plant network access
  • Time-limited, asset-scoped sessions for specific controllers
  • Access terminates automatically when maintenance window closes
Result

No shared VPN credentials. No open-ended vendor tunnels. No access past the service call.

Session Recording and Audit Trail

  • CSG gateways capture session recordings with timestamps, user attribution, asset identifiers, session duration, and access scope
  • Xona Centralizer aggregates records across every connected site from one console
  • Replay access recordings for forensic audit
Result

Audit documentation prep: weeks of manual log compilation to automatic export.

Agentless for Legacy OT

  • No agent on VxWorks PLCs or Windows CE controllers
  • No agent on KUKA or Fanuc robot interfaces
  • No agent on SCADA workstations
Result

No software conflicts. No firmware compatibility testing. No change control for endpoint modifications.

20

minutes to deploy per plant

Step 1: Deploy gateway at each plant. OT network topology unchanged. Network firewall policies may require minor updates. No new VLANs. Step 2: Grant time-limited, asset-scoped vendor access. Step 3: IEC 62443 and JAMA/JAPIA compliance documentation produced automatically.

Mitsubishi, automotive manufacturing OT deployment
Deployed by Mitsubishi across automotive manufacturing OT. Assembly line automation, robot arm controllers, and plant-level SCADA systems. Access for OEM technicians and system integrators runs through session-brokered architecture.
Also deployed by Aluar (metals manufacturing), Baker Hughes, GE Vernova, and AltaGas across 40+ countries. These are production deployments, not pilots. Named a Leader in OT/ICS Secure Remote Access by KuppingerCole Leadership Compass 2025.

Who Needs Xona in Automotive Manufacturing

Plant/Production Manager

  • 20-minute deployment per plant with zero production line downtime
  • Vendor access scoped to specific controllers with automatic session termination
  • Multi-plant rollout: 20 parallel installations

OT/Automation Engineer

  • No agent on VxWorks PLCs, Windows CE controllers, or robot interfaces
  • EtherNet/IP, PROFIBUS, OPC UA protocol data terminates at the gateway
  • Browser-based access replaces VPN tunnels exposing the plant network

CISO / Security Lead

  • IEC 62443-3-3 SR 2.6 compliance through defined, monitored pathways
  • Every vendor session recorded with user attribution for forensic audit
  • NIS2 supply chain obligation documented for OEM qualification

Compliance / Supplier Quality

  • JAMA/JAPIA documentation produced automatically from CSG session records aggregated in Centralizer
  • OEM supplier audit readiness without manual log reconstruction
  • IEC 62443-2-4 vendor access records for IACS service provider requirements

Xona vs. Traditional Remote Access

Capability
Deployment Time
Network Changes
Protocol Isolation
Session Recording
IEC 62443 Coverage
Air-Gap Support
Legacy PLC Support
Vendor Access Control

Xone-Logo-White@2x

 

20 minutes per plant
None
Full termination at gateway
Full with user attribution
SR 2.6, SR 1.1, FR5
Yes
Agentless (VxWorks, Windows CE)
Time-limited, asset-scoped
Traditional VPN
Days to weeks
Firewall rules, VLANs
None. Tunnel carries all traffic.
Connection logs only
Not designed for IEC 62443
No (requires internet)
Requires endpoint connectivity
Network-wide access
Cloud ZTNA
Hours to days
Cloud connector config
Partial (cloud proxy)
Varies by vendor
Partial
No (cloud-dependent)
Requires agent or connector
Application-scoped
Jump Server
Days to weeks
Network segmentation
None (network access)
Manual screen capture
Minimal
Partial
Requires network access
Server-scoped

Compliance Architecture: IEC 62443, JAMA/JAPIA, and NIS2

IEC 62443 and OEM Supply Chain Compliance Mapping

IEC 62443 requires a defined, monitored conduit for all vendor access to automotive factory OT. Xona is that conduit.

Requirement
IEC 62443-3-3 SR 2.6
IEC 62443-3-3 SR 1.1
IEC 62443-3-3 SR 2.1
IEC 62443-3-3 FR5
IEC 62443-2-4 §2.3
JAMA/JAPIA Guidelines
NIS2 Art. 21(2)(d)
Control
Remote session through defined, monitored pathways
Human user identification and authentication
Authorization enforcement (least privilege)
No OT protocol data on external side
Remote access security for IACS service providers
Supply chain cybersecurity controls documentation
Supply chain security for OT environments
Architecture
Gateway is the conduit for all external OT access
MFA enforced at the boundary before any plant network access
Time-limited, asset-scoped sessions
Protocol isolation at gateway
Session monitoring, MFA, access logging for all vendor access
CSG session records aggregated in Centralizer for JAMA/JAPIA questionnaires
Access controls satisfy NIS2 supply chain obligations

JAMA/JAPIA Supply Chain Requirements

After the Kojima incident, JAMA and JAPIA published updated cybersecurity guidelines requiring suppliers to document their cybersecurity controls, including remote access. OEMs reference them in supplier qualification audits. Failure to meet them is a supply chain qualification risk.
CSG gateways capture the answer automatically. Every session record includes the user, the asset, the duration, the scope, and the timestamp. Centralizer aggregates those records across all sites. No spreadsheet reconstruction. No manual log compilation.

NIS2 Article 21 and Downstream Obligations

NIS2 Article 21(2)(d) requires operators of essential and important entities to address supply chain security. Automotive OEMs that qualify as essential entities under NIS2 pass this obligation downstream to Tier-1 and Tier-2 suppliers via procurement requirements. Session-brokered access provides the documented controls that satisfy downstream NIS2 obligations.

UN R155 vs. IEC 62443: Factory vs. Vehicle

UN Regulation 155 is a UNECE vehicle type approval requirement governing cybersecurity management systems for road vehicles. It governs the vehicle. It does not govern the factory that builds it. Session-brokered access secures the remote channel into automotive manufacturing OT: assembly lines, robot arm controllers, production SCADA, and plant automation. This is IEC 62443 territory.

IEC 62443

JAMA/JAPIA

NIS2

SOC 2 TYPE II

Technical Specifications

OT Protocols
EtherNet/IP
PROFIBUS
OPC UA
Modbus
Telnet
VNC
HTTP/HTTPS
CAN bus interfaces
Architecture
CSG (Xona Secure Gateway)
XCM (Xona Central Manager)
Centralizer
Deployment
On-premises
hybrid
air-gapped
No cloud dependency required
Endpoints
Agentless
No software on OT endpoints
Certifications
SOC 2 Type II
KuppingerCole Leader 2025
v5.5 Features
Session Hold
Auto-Reconnect
concurrent multi-protocol sessions
session transfer

FAQ

Our OEM is requiring cybersecurity compliance. Does that include UN R155 and our factory?

OEM requirements typically cover two areas: product cybersecurity (UN R155, ISO/SAE 21434) and supply chain security (JAMA/JAPIA, NIS2 Article 21, covering factory OT). Xona addresses factory OT security. Review your OEM's audit questionnaire to understand which requirements apply to your production operations versus product development.

How does the architecture handle robot controller vendor access? KUKA and Fanuc require regular remote connectivity.

Engineers connect through the same gateway as all other vendors. An administrator approves a time-limited, asset-scoped session for the specific controller. The engineer accesses the controller interface through the gateway. No plant network access beyond the authorized scope. When the maintenance window closes, access terminates.

Our PLCs run Windows CE and VxWorks. Does the architecture require an agent on OT endpoints?

No. Agentless architecture means nothing is installed on OT endpoints. No agent on Windows CE or VxWorks PLCs, no agent on robot controllers, no agent on SCADA workstations. Supported protocols include Telnet, VNC, HTTP/HTTPS, Modbus, EtherNet/IP, and legacy proprietary protocols. No protocol upgrades or endpoint agents required.

What documentation can we produce for a JAMA/JAPIA supplier audit?

CSG gateways capture session recordings with timestamps, user attribution, asset identifiers, session duration, and access scope for every vendor remote access event. Centralizer aggregates those records across all sites. For JAMA/JAPIA audit questionnaires asking about remote access logging, MFA enforcement, time-limited access, and least-privilege controls, these records provide the supporting documentation without manual reconstruction.

How does 20-minute deployment work across a multi-plant automotive facility?

Deployment requires no changes to OT network topology or control system configurations. Network firewall policies may require minor updates to enable the CSG connection path. No new VLANs, no change control process for network infrastructure. The gateway communicates outbound to Centralizer only. No inbound ports are opened. For a 20-plant operation, deployment is 20 parallel installations, not a sequential 20-plant integration project.

What is the risk if a vendor's device is compromised while they are in a session?

Session isolation limits the blast radius. The compromised device has access only to the specific asset approved for that session window. When the session ends, access terminates. No persistent connection exists.

How does Xona handle Tier-1 integrator access during production line commissioning?

The same session-brokered model applies. The integrator authenticates through MFA, receives a time-limited session scoped to the specific PLC or automation controller being commissioned, and loses access when the commissioning window closes. The session record documents every action for IEC 62443-2-4 compliance.

Can we separate factory OT compliance from vehicle cybersecurity compliance in the same audit?

IEC 62443 requires a defined, monitored conduit for all vendor access to automotive factory OT. Xona is that conduit. IEC 62443 governs factory automation and control systems. UN R155 and ISO/SAE 21434 govern the vehicle product. Xona's session records, access policies, and compliance documentation map directly to IEC 62443 requirements. Your vehicle cybersecurity management system is a separate compliance track with different controls and different evidence requirements.

Stop Exposing Your Production Line. Start Documenting What OEMs Require.

20-minute deployment per plant. IEC 62443 SR 2.6 compliance through defined, monitored pathways. JAMA/JAPIA documentation produced automatically from every vendor session. Your OEM's next supplier audit asks about remote access controls. Have the answer ready.

 Secure access for the systems that keep the world running.
© Xona Systems, 2026
Cookie Policy
Privacy Policy
Disclosure Policy
Website Terms of Service
Terms & Conditions