The major risks to process control and automation stems from three factors. The first factor is the diversity of communications methods and industrial protocols that are fundamentally open and insecure, because they were designed to operate within an implicitly secure silo. The second factor is the network firewalls and intrusion detection systems retrofitted into an interconnected and layered ecosystem they were not purpose-designed or intended for operations technology (OT). The third factor is that unlike the IT approach of quarantining infected user workstations (endpoints) with virtual LAN (VLAN) based network segmentation, process control systems in OT are live and quarantining devices in an interconnected system disrupts service and causes undesirable outage. Reactive approaches based on network-based anomaly detection and deep-packet inspection of application protocols will be challenged eventually by the onset of encrypted network traffic (without application reengineering) in the years ahead.
The strategy will require at least
securing the integrity of signaling between systems
managing the digital secrets that offer such security countermeasures – passwords and keys
rotating the digital secrets using X.509 certificates for trusted delivery as a mitigation strategy for recovery on compromise
tamper-resistant content delivery through the supply chain
remote device recovery on compromise with trusted software and configuration updates, and automated key renewal
auditability for visibility and measurement of compliance posture
Process Automation Workflow
Industrial automation manufacturers and discrete manufacturers must ensure compliance with cybersecurity standards such as NIST 800-53, Revision 4, IEC 62443-3-3, and FIPS 140-2. Keeping up with these standards as well as emerging standards from the Industrial Internet Consortium (IIC) and Industrie 4.0 is challenging. New regulations such as GDPR in Europe raise the stakes for non-compliance to more than €20 million per incident.
More than €20 million is at stake per incident of noncompliance.
— GDPR
Industrial automation manufacturers and critical infrastructure operators must ensure compliance with cybersecurity standards such as NIST 800-53, IEC 62443-3-3, and FIPS 140-2. Furthermore, certain industries must comply with additional standards such as NERC CIP 003 for electric utilities and DO-178 for avionics. Keeping up with these standards as well as emerging standards from the Industrial Internet Consortium (IIC) and Industrie 4.0 is challenging. Older protocols such as Modbus, DNP3 and BacNet can be difficult to secure.
A Cybersecurity System Tailored for Process Automation
Used by more than 200 OEMs to protect more than 100 million devices
Mocana’s end-to-end security system is an FIPS 140-2 validated embedded cybersecurity software solution that ensures device trustworthiness and secure communications by giving industrial automation manufacturers, OEMs and critical infrastructure operators an easy way to harden electronic control units and controllers with multi-factor authentication and trust chaining, as well secure boot to validate the firmware, OS and applications.
Learn More About Mocana Solutions
Mocana TrustCenter™
Services platform for automated security lifecycle management
Connected devices are being deployed at a rapid pace, and security can no longer be optional. This is a shared industry responsibility, which is why Arm is working with partners including Mocana to shift the economics of security by providing a common framework for building more secure connected devices through PSA."
Paul Williamson
Vice President and General Manager, IoT Device IP, Arm
Mocana’s IoT Security Platform ensures that IoT devices can be trusted and communicate securely to the public and industrial cloud platforms. Their verification of the interoperability and integration of their cloud to AWS, Microsoft Azure IoT, VMWare-based clouds, and GE Predix is a significant benefit for companies working with Mocana."
Vikrant Ghandhi
Industry Director, Digital Transformation, Frost & Sullivan of Frost & Sullivan
We are excited to work with Mocana in implementing their comprehensive software solution across our divisions. With Mocana’s Security of Things Platform, we are able to maintain consistency in our security approaches, across any type of device or sensor, addressing the variance of real-time operating systems (RTOS), controllers and CPUs. Mocana brings strong FIPS-140 proven cryptography to our embedded devices all the way up to the cloud, enabling a safer path to IoT transformation for our connected business strategy."
George Wrenn
VP of Global Cybersecurity for Schneider Electric
The Mocana IoT Security Platform provides a comprehensive security solution for industrial IoT devices and industrial clouds, delivering deep cybersecurity to protect IoT implementations. We congratulate Mocana for their well-deserved industry recognition and look forward to seeing their continued product innovation in the IoT security market throughout 2018 and beyond."
James Johnson
Managing Director, IoT Breakthrough
The tools provided by Mocana are rooted in its long history of equipping engineers with the ability to harden devices that perform mission-critical operations. Manufacturers can now be equipped to leverage the power of the embedded chips in their products to support the security and privacy requirements of these emerging data-driven IoT ecosystems."
Rob Westervelt
Research Manager, IDC
Mocana TrustCenter automated security integrated with Intel SDO dramatically reduces the onboarding and digital certificate provisioning time to drive scale."
