When machines suddenly need ID cards

Klaus Mochalski and Marcel Fischer (BxC Security) discuss the need for machine identities in OT. Find out whether Zero Trust can be implemented in OT and how automated certificate management prevents costly downtime.

Duration:

26 min

Guest in this episode:

Marcel Fischer

Founder & CEO BxC Security

Summary

‍

Sound Bites

Klaus Mochalski: “For a long time, and even today, there have been relatively few experts who truly combine all these skills. People who, on the one hand, know how to program a control system, how such a machine works, and what the requirements are—but who, at the same time, are well-versed not only in IT, but also in IT security and the right mindset.”

Marcel Fischer: “I think the problem lies much more in the mindset. Because as a production engineer, I simply have a completely different set of requirements. It doesn’t have to be new, it doesn’t have to be fancy—it just has to work, and it has to do so sustainably.”

Klaus Mochalski: “But I’ve always felt that authentication is actually the more critical issue, that it helps me more with many of my problems. [...] My feeling is that things have shifted a bit in IT."

Marcel Fischer: “My production protocols are kept relatively rudimentary because their only requirement was to say, ‘I need to get signals from A to B as lightly as possible with as little overhead as possible so that I can meet my real-time requirements.’”

Klaus Mochalski: “I believe the risk-based approach is absolutely central today. It’s also well understood that I view my OT security risk as a completely normal business risk, assess it, evaluate it critically, and then approach it with a focus on risk reduction once I’ve assessed it.”

Marcel Fischer: “But now we want to build use cases on top of that, and unfortunately, these use cases are increasingly ending up in the cloud, for example. [...] That means I suddenly have an MES system that’s in the cloud. And of course, that means I suddenly have to drill holes in the perimeter [...] because I suddenly have to allow communication with cloud services.”

Marcel Fischer: “That means my approach has to be: how can I use automation to prevent certificates from expiring in the first place, without losing sight of security considerations. But first and foremost, it’s purely a matter of availability, ensuring the machine stays up and running.”

‍

Chapters

00:00 Introduction to OT security and Marcel Fischer’s background

05:27 Differences between OT and IT authentication practices

09:41 Challenges of securing cloud-connected OT systems

11:13 The feasibility of implementing Zero Trust in greenfield vs brownfield projects

12:31 Practical steps for improving security with existing systems and certificates

16:33 Lifecycle management of certificates and automation solutions

23:10 Recommendations for mid-sized companies

‍

FAQ

Facts on the topic

Why have certificates and concepts like PKI suddenly become essential in the OT?

In the past, OT protocols were primarily designed for lightweight real-time communication, which is why encryption and authentication played virtually no role. However, the era of completely isolated (“air-gapped”) OT networks is over, as use cases such as MES systems are increasingly being migrated to the cloud. To secure these new communication channels across system boundaries and through firewall holes, as well as to comply with modern standards such as OPC UA, certificates are now mandatory on controllers (PLCs) and gateways.

Can a zero-trust approach be implemented across the board in production facilities?

That depends on the age of the facility. If a production facility is built from scratch today (greenfield), a zero-trust approach, in which every component must authenticate itself, can be largely implemented thanks to modern network technologies. For legacy systems that have evolved over time (brownfield), however, this is generally unrealistic. In such cases, a pragmatic, risk-based approach is recommended: systems are segmented, and zero-trust mechanisms are applied specifically only at the critical gateways between these segments.

‍

Why is certificate automation so critical to production?

Many production machines currently in use still rely on self-signed certificates with very long validity periods of 15 to 30 years. If these certificates expire unnoticed and no one at the facility knows where they were documented, it can lead to a complete system shutdown. Automating certificate renewal is therefore not merely a security measure in the first instance, but is simply essential to ensure uninterrupted production availability.

How should investments and risks related to cybersecurity in OT be assessed?

Unlike traditional enterprise IT, downtime and its associated costs in manufacturing can be calculated precisely, for example, in terms of “10 fewer cars rolling off the assembly line.” Cybersecurity in OT must therefore not be viewed solely as a technical issue. It must be evaluated pragmatically based on concrete risk reduction and, in all honesty, factored directly into the unit costs of production

What is the best first step for small and medium-sized businesses when it comes to OT security?

Small and medium-sized businesses that are just getting started should avoid the mistake of trying to find their own OT security experts in a market where such talent is already in short supply. Instead, they should first conduct an internal assessment to identify which systems in production actually use certificates. They should then bring in specialized service providers to develop a well-founded strategy, often in close collaboration with their internal IT team.