The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Sorry Mom, But I’m Going to Have to see your ID
Zero trust cyber security is coming to the industrial space. Here are 10 best practices for automation vendors that want to build zero trust security into their products and supply chains.
February 23, 2021 | Robert Bergman
The more remote your operations, the less you should trust any party in communications. As a NIST official recently blogged: “You could be working from an enterprise-owned network, a coffee shop, home or anywhere in the world, accessing resources spread across many boundaries, from on-premises to multiple cloud environments. Regardless of your network location, a zero-trust approach to cybersecurity will always respond with, ‘I have zero trust in you! I need to verify you first before I can trust you and grant access to the resource you want.’ Hence, never trust, always verify” — for every access request!”
Zero trust comes to OT
The notion of zero trust networks emerged from the IT world, but it is catching on rapidly in the industrial world. In last month’s SecurityBoulevard.com feature: “Top 10 Best Practices for Zero Trust IoT Manufacturing,” Ellen Boehm provided a comprehensive list of what should be built into a zero-trust control product.
- #1 Root of Trust (RoT), which she says is the foundation upon which all secure computing operations are based.
- #2 Hardware-based Secure Element, which should be used to create a root of trust, leveraging a tamper-resistant secure element capable of key generation and storage.
- #3 Generate on-device keys so that the device can attest to its own identity
- #4 Cryptographic software libraries that integrate strong cryptographic libraries without known CVE vulnerabilities.
- #5 Enable mutual M2M authentication using mutual machine-to-machine (M2M) authentication, where both the client and server are authenticated.
- #6 Automate the PKI Management Lifecycle, to simplify management of the key and certificate lifecycle.
- #7 Centralize code signing and secure boot to enable digital signatures that confirm the author and integrity of the software.
- #8 Root Certificate Authority (CA), to be implemented on-premise or by a third-party.
- #9 Integrate Device Management, for seamless integration of key pair generation and PKI update.
- #10 Secure communication with end-to-end encryption of SSL/TLS or IP VPN communications to ensure data privacy.
Boehm says also that the practices also address supply chain weaknesses during the design, manufacturing, testing, and delivery of products. Most of today’s control systems don’t support these prerequisites for zero trust operation, at least not to the extent that it is described above. To see how Bedrock Automation controls systems and power supplies do implement the fundamentals, read our white papers here.