Primekey
IoT hotspot: five steps to IT/OT security
The convergence of information technology and operational technology means that essential parts of IT security must be transferred to operational technology. Security expert Andreas Philipp outlines five important measures for this.
Information technology (IT) and operational technology (OT) in factories and power plants are growing ever closer together. Machines, systems, transport systems and products exchange information with each other and with back-office systems in these environments, including MES, PLM and warehousing solutions as well as ERP systems. The data exchange between IT and production systems must be secured, especially as the increasing interconnection in the Industrial Internet of Things (IIoT) requires companies to adapt principles from IT security to their networked production environments. A step-by-step approach is recommended.
Step 1: Implement stateless security and crypto functions
In manufacturing environments, an uninterrupted production process is a top priority. This often conflicts with security requirements. In order for security, including encryption, to function 'uninterrupted' within production processes, companies must implement the corresponding services in a completely 'stateless' manner. Protocols or systems then treat queries as independent transactions. Each data packet travels alone and has no reference to another data packet. For the client-server model, this means that data must always be sent according to the request-response principle. This strictly defines the time sequence of communication. Only when a client sends data to the service (request) does the service provided by the server respond and send data to the client (response).
Step 2: Ensure trustworthy zero-touch bootstrapping
For the installation and configuration of systems and devices on the production line, it is important that these processes are largely standardized and independent of operators. This applies in particular to security components, which must be designed as systems that start up on their own, without external input. Such a trustworthy zero-touch bootstrapping process is therefore a minimum requirement for security appliances used in production environments. The same applies to devices that create identities.
Step 3: Develop a crypto export-import policy
Today, a company's production sites can be located all over the world. This means that the automation systems at all production sites must be highly available to the same extent, and that requirement also extends to security appliances. It is therefore necessary to develop export-import concepts, for example for encryption material and digital identities. These concepts can also be used to secure production sites in countries that are considered security-critical, for example because counterfeiting is commonplace there.
Steps 4 and 5 in the chain of trust
Step 4: Use an industrial-grade, durable security appliance
Production systems require component availability far beyond the provisioning periods usual in IT. A security appliance must therefore remain available in the same hardware configuration for up to ten years in order to secure production in an Industry 4.0 environment.
Step 5: Bridging the gap between IT and OT
Network separation is a key measure for closing potential security gaps. This applies to systems that have a direct connection to the OT networks on the one hand and communicate with the IT world on the other. Both physical and logical network separation must therefore take place within the appliance. It is also important to carry the concept of separation of duties into the appliance through the role and rights models that security appliances provide. Another example is the creation of certificates in a two-tier public key infrastructure (PKI): the first level is formed by a root CA (Certification Authority). This server does not belong to the network and authorizes the subordinate certification authority, the Enterprise CA. The Enterprise CA belongs to the network and issues the certificates for the end devices and users. The root CA is normally offline and can revoke the certificate of the Enterprise CA.
Building a chain of trust
Why are stateless, durable security components that start themselves, separate and establish network connections, and import or export digital identities so relevant? They can be used to establish a chain of trust in a networked production environment. The first component is a PKI together with certificates issued individually for each component (identity). The second component is the validation of the claimed identity of the device requesting a certificate, i.e. the verification of device-related system data (serial number, MAC addresses, subcomponents, etc.). Especially in networked production environments, it is helpful if the manufactured components are given an electronic identity directly during the production process.
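The two-tier PKI from Step 5 and the identity validation described here, as an added example that is not part of the article: a root CA signs an Enterprise CA constrained to pathlen:0, and the Enterprise CA issues a device certificate only after checking the serial number carried in the CSR against a production inventory. It assumes only the openssl command-line tool (1.1.1 or later); the CA names, serial numbers and file names are constructed.

```shell
#!/bin/sh
# Added example, not from the article: two-tier PKI with openssl plus an
# inventory check of the device serial before the enterprise CA signs.
set -e

# Minimal req config so the example does not depend on the system openssl.cnf.
write_req_cnf() { printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$1/req.cnf"; }

# Root CA (kept offline in practice) and the enterprise CA it authorises.
# pathlen:0 stops the enterprise CA from creating further CAs.
build_cas() (
  cd "$1"; write_req_cnf .
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > ent.ext
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
    -subj "/CN=Example Root CA" -keyout root.key -out root.csr 2>/dev/null
  openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 -extfile ca.ext -out root.pem 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
    -subj "/CN=Example Enterprise CA" -keyout ent.key -out ent.csr 2>/dev/null
  openssl x509 -req -in ent.csr -CA root.pem -CAkey root.key -CAcreateserial -days 1825 -sha256 \
    -extfile ent.ext -out ent.pem 2>/dev/null
  # Constructed inventory: serial numbers the factory actually produced.
  printf 'SN-000123\nSN-000124\n' > inventory.txt
)

# Device side: key pair and a CSR carrying the device serial number in its subject.
make_device_csr() (
  cd "$1"; serial="$2"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
    -subj "/CN=device-$serial/serialNumber=$serial" -keyout "$serial.key" -out "$serial.csr" 2>/dev/null
)

# Enterprise CA side: refuse the CSR unless its serial number is in the inventory.
issue_device_cert() (
  cd "$1"; csr="$2"
  serial=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 | grep -o 'serialNumber=[^,]*' | cut -d= -f2)
  grep -qx -- "$serial" inventory.txt || { echo "rejected: '$serial' not in inventory" >&2; exit 1; }
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=clientAuth\n' > dev.ext
  openssl x509 -req -in "$csr" -CA ent.pem -CAkey ent.key -CAcreateserial -days 365 -sha256 \
    -extfile dev.ext -out "${csr%.csr}.pem" 2>/dev/null
)

# Relying party: trusts only the root; the enterprise CA is an untrusted intermediate.
verify_chain() ( cd "$1"; openssl verify -CAfile root.pem -untrusted ent.pem "$2" >/dev/null 2>&1; )
```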