October 11, 2019


PKI and Signing for IIoT – PrimeKey is experiencing a lot of activity in this area and more is yet to come

IIoT Security Strategy

PrimeKey exhibited this year for the first time at Hannover Messe 2019 with many interesting experiences both from our own initiatives and from interactions with customers, partners and visitors. Hannover Messe is one of the leading worldwide trade fairs in the industry market. The fair had 6,500 exhibitors this year from all over the world and over 215,000 visitors during the 5 days. The focus topics covered 5G, digital factories and security. Looking back, we can see that our own findings and the reactions from the market can be summarized in the following topics.

IIoT Security must be evaluated differently

The term "Operational Technology", abbreviated OT, is used for information technology in production environments, such as control systems for industrial plants and so-called SCADA (Supervisory Control and Data Acquisition) systems. The abbreviation IT, on the other hand, is used for the business side of information technology. OT thus stands for the physical value chain, while IT focuses more on the business processes. IT and OT are both key stakeholders when factories are being digitalized. The challenge, however, is that IT and OT often work in silos. The IT manager’s concerns are privacy and data security; that’s what keeps him up at night. The operations team, meanwhile, is more interested in uptime and safety. Lack of understanding and visibility between the teams often leads to longer lead times in projects, less cost-efficient projects and, in the worst case, an insecure solution.

Our conclusion from multiple discussions with both IT and OT people over the past six months is that security needs to be evaluated differently in OT and IT, but the security solutions can be reused. PKI software, signing software and secure execution hardware are examples of security solutions that can be reused. The need for authentication, integrity and confidentiality spans both areas, but with different objectives and stakeholders over time. PKI and Signing software with secure multi-tenancy support can enable multiple use cases. Additionally, organizations can leverage one single installation of the same software.

Time frames shift

Control and automation systems with a lifetime of more than 20 years are not uncommon in OT. Unlike in IT-based enterprises, OT-deployed solutions commonly have no reason to change, as they are designed to meet specific, and often single-use, needs and have limited requirements or incentives to be upgraded. A software patch is traditionally regarded as a risk and not, as in IT, a "must". These systems place a huge focus and priority on uptime and high availability. As industries digitize to achieve enhanced operational efficiency, improved safety, and competitiveness, they must do this with security in mind. The modernization of processes in OT increasingly goes in line with IT when it comes to every THING being connected. But beware, there is a limited number of all-encompassing solutions offered in this area. Identities as well as security at the application level are essential components in these security concepts.

“New” solutions are needed

There is no simple solution in the area of OT security, and it is important to note that the industry is placing a high priority on this topic. It is not often possible to simply apply established IT security products as solutions for the OT area. Fortunately, basic security mechanisms and technology, such as PKI solutions, signing solutions and secure execution hardware, are available, and their deployment can be adapted to the requirements and needs of OT, where reliability and zero-touch deployment are key drivers.

Conclusion

Both sides, OT and IT, must approach each other, learn from each other and understand that they can in many cases leverage the same security solutions. The security challenges faced in IIoT are not totally new or limited to specific industrial environments. It is important to start solving the challenges now and not wait until the first incident happens. During PrimeKey Tech Days this year, we launched the first beta version of a new local Registration Point based on our PKI and SEE technology, specifically designed for smart factories. More information about the local Registration Point will be available in the coming months, so stay tuned to learn more about how PrimeKey delivers solutions for the IIoT market.


Want to know more about security for IIoT?

PrimeKey is a pioneer in open source PKI and Signing security software, providing businesses and organizations around the world with the ability to implement secure IoT and IIoT solutions in the healthcare industry, for smart factories, to secure supply chains and more. Read more: IIoT security solutions

Our white paper about security for IIoT environments is available here:

https://www.primekey.com/security-for-iiot-environments

Author

Malin Ridelius

Malin Ridelius joined PrimeKey in March 2018 as Product Marketing Director. Malin has been working in product management/marketing and business development roles in several security companies including Giesecke & Devrient, HID Global and Nexus. She has 20 years’ experience in PKI, digital identities and electronic signatures, smart cards and related solutions. Contact Malin: malin.ridelius@primekey.com