IEEE 802.1 AR provides frameworks for issuing and managing birth identities for industrial infrastructure and IoT devices. Testing and prototyping with EJBCA today will put you well on your way to building a scalable and robust supply chain security infrastructure.
Challenge
Modern factories are made of complex assembly lines and machines themselves are built from elementary computerized bricks – Programmable Logic Controllers, Human-Machine Interfaces, sensors, Real-Time Units, and gateways. These machines interconnect with one another, with on-site and off-site systems such as Manufacturing Execution Systems (MES), Supervisory Control and Data Acquisition (SCADA), Enterprise Resource Planning (ERP), databases, digital twins, edge and cloud services, SaaS, etc. As ethernet is making more and more progress into field buses, so are IP addressing and protocols like TCP, UDP, HTTP, and MQTT to name a few. And with the latter comes the possibility for any machine or subsystem to mutually authenticate with remote peers and secure end-to-end channels by using Transport Layer Security (TLS), X.509 certificates, and private Public Key Infrastructures (PKI).
How can a factory operator enroll a new machine into their own IT and then provision connections to cloud services or SaaS with a simple process?
What can a machine builder do to ease this process?
What should the OEMs manufacturing the PLCs, HMIs, RTUs, and gateways do to make this possible?
As a developer of industrial equipment and machines or a cybersecurity expert supervising the deployment and operational security of a connected factory, implementing such technology is essential to safeguard against potential cyber threats. Modern industry standards and recommendations call for PKI and X.509 certificates to secure and authenticate communication, software, and supply chains for the industry 4.0. Examples of such standards and recommendations are:
Solution
By levering EJBCA for your testing and prototyping today, you will be well on your way to creating a trusted supply chain based on a solution that is both scalable and robust.
Using our best practices, how-tos, and videos, you can set up a PKI to issue certificates for your industrial infrastructure and IoT devices. Once you're up, you can start tailoring your PKI and you'll have a fully functional PKI, including roles, certificate profiles, a configured use case/issuing protocol, revocation support, and system documentation.
Get started with our video tutorials and how-tos:
Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.
Try SignServer for digital signing for code, documents, timestamps, and more. SignServer is a digital signing engine, making it easy for teams to automate signing workflows and support all of their signing formats and use cases.
Bouncy Castle is one of the most widely used FIPS-certified open-source cryptographic APIs for Java and C#, allowing developers to integrate PKI security into their applications easily.
