Secure device identity in Industrial Cybersecurity

IEEE 802.1AR provides frameworks for issuing and managing birth identities for industrial infrastructure and IoT devices. Testing and prototyping with EJBCA today will put you well on your way to building a scalable and robust supply chain security infrastructure.

Challenge

Establishing trust on the factory floor

Modern factories are made of complex assembly lines, and the machines themselves are built from elementary computerized bricks: Programmable Logic Controllers (PLCs), Human-Machine Interfaces (HMIs), sensors, Real-Time Units (RTUs), and gateways. These machines interconnect with one another and with on-site and off-site systems such as Manufacturing Execution Systems (MES), Supervisory Control and Data Acquisition (SCADA), Enterprise Resource Planning (ERP), databases, digital twins, edge and cloud services, and SaaS. As Ethernet makes more and more progress into field buses, so do IP addressing and protocols such as TCP, UDP, HTTP, and MQTT. With these protocols comes the possibility for any machine or subsystem to mutually authenticate with remote peers and secure end-to-end channels by using Transport Layer Security (TLS), X.509 certificates, and private Public Key Infrastructures (PKI).

How can a factory operator enroll a new machine into their own IT and then provision connections to cloud services or SaaS with a simple process?

What can a machine builder do to ease this process?

What should the OEMs manufacturing the PLCs, HMIs, RTUs, and gateways do to make this possible?

Whether you are a developer of industrial equipment and machines or a cybersecurity expert supervising the deployment and operational security of a connected factory, implementing such technology is essential to safeguard against potential cyber threats. Modern industry standards and recommendations call for PKI and X.509 certificates to secure and authenticate communication, software, and supply chains for Industry 4.0. Examples of such standards and recommendations are:

  • IEEE 802.1AR - defines IDevIDs and LDevIDs: respectively, the initial device certificate issued/injected by the OEM PKI, and the operational certificates issued and renewed by the operator PKI.
  • HTTPS, MQTTS - securing HTTP and MQTT with mutual (D)TLS, using X.509 certificates provisioned on both sides by their respective PKIs.
  • OPC-UA Part 21 (device onboarding) - a model that allows the security configuration of a device to be managed over its complete lifecycle, from manufacture to decommissioning.
  • RFC 8995 (Bootstrapping Remote Secure Key Infrastructure, BRSKI) - enables secure and automated provisioning of X.509 certificates to IoT devices during the bootstrapping process.
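
The IDevID/LDevID split from the first bullet, as an added example (not the page's or EJBCA's own code) using the openssl CLI: an OEM CA issues the birth certificate, and the operator issues an LDevID only after the IDevID chains to the OEM trust anchor and the request is signed with the IDevID key. All CA names, subjects, the serial number and file names are assumptions, and the detached signature stands in for the IDevID-authenticated session an enrollment protocol would provide.

```shell
#!/bin/sh
# Added example (not EJBCA code): IDevID from an OEM CA, LDevID from an operator CA.
# All names, serial numbers and file names are constructed for this demo.
set -eu
cd "$(mktemp -d)"
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[dev_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
EOF
gen_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$1" 2>/dev/null; }
make_csr() { openssl req -new -key "$1" -subj "$2" -config pki.cnf -out "$3"; }
make_ca() {   # $1 = file prefix, $2 = subject
    gen_key "$1.key"
    openssl req -x509 -new -key "$1.key" -subj "$2" -days 3650 \
        -config pki.cnf -extensions ca_ext -out "$1.pem"
}
sign_csr() {  # $1 = CA prefix, $2 = CSR, $3 = output certificate
    openssl x509 -req -in "$2" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
        -days 365 -extfile pki.cnf -extensions dev_ext -out "$3" 2>/dev/null
}
# Operator side: issue an LDevID only if the IDevID chains to the OEM trust
# anchor and the request is signed with the IDevID key. The detached signature
# stands in for the IDevID-authenticated TLS session an enrollment protocol uses.
onboard() {   # $1 = IDevID, $2 = LDevID CSR, $3 = signature over CSR, $4 = output
    openssl verify -no-CApath -CAfile oem.pem "$1" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -pubkey -noout > idevid.pub
    openssl dgst -sha256 -verify idevid.pub -signature "$3" "$2" >/dev/null 2>&1 || return 1
    sign_csr op "$2" "$4"
}
make_ca oem "/O=Example OEM/CN=Example OEM IDevID CA"
make_ca op  "/O=Example Plant/CN=Example Operator LDevID CA"
# Factory: birth key pair and IDevID bound to the product serial number
gen_key idevid.key
make_csr idevid.key "/O=Example OEM/serialNumber=PLC-0001" idevid.csr
sign_csr oem idevid.csr idevid.pem
# Plant: fresh operational key; the request is authenticated with the birth key
gen_key ldevid.key
make_csr ldevid.key "/O=Example Plant/CN=line3-plc-0001" ldevid.csr
openssl dgst -sha256 -sign idevid.key -out ldevid.sig ldevid.csr
onboard idevid.pem ldevid.csr ldevid.sig ldevid.pem && echo "LDevID issued"
```

The LDevID chains only to the operator CA, so the operator can renew or revoke it without involving the OEM, while the IDevID stays unchanged as the onboarding credential.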

Solution

Get your project off to a good start by adding the appropriate security

By leveraging EJBCA for your testing and prototyping today, you will be well on your way to creating a trusted supply chain based on a solution that is both scalable and robust.

Using our best practices, how-tos, and videos, you can set up a PKI to issue certificates for your industrial infrastructure and IoT devices. Once you're up and running, you'll have a fully functional PKI, including roles, certificate profiles, a configured use case/issuing protocol, revocation support, and system documentation, and you can start tailoring it.

Get started with our video tutorials and how-tos:

  • Get started with Birth Identities based on IEEE 802.1AR
  • Issuing of TLS certificates via EJBCA RA Web or REST

Tutorials

  • Get started with birth identities based on IEEE 802.1AR (2023-05-30; Birth Identities, IoT, IEEE 802.1AR)
  • Client TLS certificates for mTLS, manual issuance (2023-02-06; DevOps, IoT, TLS & mTLS, mTLS)
  • Server TLS certificates, manual issuance (2023-02-06; DevOps, IoT, TLS & mTLS, mTLS)
  • Certificate management in Kubernetes with cert-manager and EJBCA (2023-05-11; DevOps, Get started, TLS & mTLS, cert-manager)

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

18 March, 2025

#KEYMASTER: Understanding VEX and the Future of Vulnerability Management

In this Keymaster episode, we explore VEX (Vulnerability Exploitability Excha...
11 March, 2025

#KEYMASTER: The Rise of SBOMs – A Growing Necessity

In this episode of #KEYMASTER, we explore the evolving landscape of Software...
Keyfactor Release
25 February, 2025

SignServer 7.0 Community has been released

SignServer 7.0 Community has been released. This new version brings a new, u...
