PKI for Operational Technology Needs a Special Approach
SecureG delivers a customer-specific private PKI system that integrates with Operational Technology (OT) systems, securing the environment by putting identity-based security in every node. Every OEM solution is different, so SecureG partners with our customers to design the security, policies, and procedures that make sense for your business.
PKI for OT device deployments is very different from traditional certificates for employees or web servers. OT's environmental characteristics make security harder and must be factored into the PKI design. For example, here are a few of the details that must be addressed:
- OT environments can be risky and unsupervised: physically accessible to the public, but also potentially remote and inaccessible to operators. Devices must be designed to be remotely accessible and still secure.
- Connectivity: devices might use one or more of Ethernet, Bluetooth, WiFi, cellular, NFC, LoRa, and other short-range protocols, which may not always be available. Security designs must account for sporadically disconnected endpoints.
- Computation and power capabilities can be very limited on IoT devices due to cost constraints and operating environments. The PKI and related security choices must account for constrained environments.
- Machine-to-machine paradigm: when there is never a human in the loop, provisioning, updating, renewal and recovery operations must be made automatic. Setup schemes that use usernames and passwords, or that send out-of-band codes by SMS, are simply not appropriate.
- Availability and reliability are more important because no humans are there to troubleshoot. These systems must be able to resolve most issues without human intervention.
SecureG’s PKI solution provides a low-cost, flexible, and standardized solution that delivers on the three key capabilities necessary for OT system security: authentication, confidentiality, and integrity.
- Authentication for secure network access. By issuing a unique identity in the form of a digital certificate to every node in a customer system, it is possible to authenticate each node every time it requests network access.
- Secure machine-to-machine communications. PKI helps safeguard data by providing end-to-end data encryption, both at rest and in transit. This helps ensure the data stored in OT systems and the communication between IT and OT systems remain insulated from attacks. Encrypting communications also helps meet compliance requirements: regulators and standards bodies such as NERC, FERC and NIST, as well as U.S. President Biden's recent executive order on cybersecurity, all require encryption.
- Data and Software integrity. Ensuring the firmware in OT systems is safe and free of corruption is crucial to avoid software supply chain attacks. PKI provides an effective means of verifying firmware authenticity and integrity through code signing. OT firmware suppliers can use PKI to digitally sign the firmware they are releasing to help organizations verify the identity of the supplier and confirm that the received firmware hasn’t been altered since its signing. This enables secure boot and protects OT systems from attacks.
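The code-signing flow described above, as an added example that is not SecureG's code or product: a hypothetical supplier issues a subordinate code-signing certificate from its root CA, signs a constructed firmware image, and a device verifies both the chain back to the root it has pinned and the signature over the image bytes. The supplier names, the firmware bytes, the use of ECDSA P-256 with SHA-256, and the two-tier hierarchy are all assumptions; Go's standard-library crypto/x509 and crypto/ecdsa packages do the actual work.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Constructed sample image; on a real device this is the blob written to flash.
var firmwareImage = []byte("constructed OT controller firmware image v1.2.3")
// SupplierPKI models a hypothetical supplier's two-tier certificate hierarchy.
type SupplierPKI struct {
	RootCert *x509.Certificate // pinned in the device (e.g. in a secure element)
	SignCert *x509.Certificate // distributed alongside each firmware image
	signKey  *ecdsa.PrivateKey // never leaves the supplier's build system
}
// issue signs tmpl with the parent's key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewSupplierPKI generates a root CA and a subordinate code-signing certificate.
func NewSupplierPKI() (*SupplierPKI, error) {
	now := time.Now()
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example OT Supplier Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	rootCert, err := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	signKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	signCert, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Example OT Supplier Firmware Signing"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(2 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		// The EKU lets a device reject a certificate that was never meant to sign code.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, rootCert, &signKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return &SupplierPKI{RootCert: rootCert, SignCert: signCert, signKey: signKey}, nil
}

// SignFirmware is the supplier-side step: ECDSA over SHA-256(image), DER encoded.
func (p *SupplierPKI) SignFirmware(image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return ecdsa.SignASN1(rand.Reader, p.signKey, digest[:])
}

// VerifyFirmware is the device-side step at update or boot time: accept the image only
// if the signer chains to the pinned root with code-signing usage and the signature matches.
func VerifyFirmware(image, sig []byte, signCert, pinnedRoot *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signCert.Verify(opts); err != nil {
		return fmt.Errorf("signer certificate rejected: %w", err)
	}
	if err := signCert.CheckSignature(x509.ECDSAWithSHA256, image, sig); err != nil {
		return fmt.Errorf("firmware signature does not match image: %w", err)
	}
	return nil
}

func main() {
	pki, err := NewSupplierPKI()
	if err != nil {
		panic(err)
	}
	sig, _ := pki.SignFirmware(firmwareImage)
	fmt.Println("genuine image:", VerifyFirmware(firmwareImage, sig, pki.SignCert, pki.RootCert))
}
```

The device stores only the root certificate, so the supplier can rotate its signing certificate without touching fielded units, and the signing key never has to be on the device. Restricting the verification to the code-signing extended key usage is what stops a certificate issued for some other purpose (a TLS server certificate, say) from being accepted as a firmware signer. Revocation checking and anti-rollback version checks are deliberately left out here and would need to be added for a production bootloader.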
SecureG’s PKI solution provides easy (and sustainable) scalability in terms of certificate numbers and service deployment, and it runs on public SaaS cloud infrastructure or on private networks for on-premises environments. The PKI solution is future-proof and designed to evolve to meet future security needs such as changing encryption algorithms. It provides flexible creation and management of subordinate CAs to support multiple business segments and environments.
SecureG’s customer-specific private PKI system for securing OT environments is the best cost-benefit option for securing OT equipment. It is a must-have for the critical infrastructure market. Contact SecureG today to get started securing your OT product line.