10 best practices for zero trust IoT manufacturing

Whilst Industry 4.0, digital transformation and smart manufacturing are not new terms in the manufacturing industry, under COVID-19, remote working, social distancing and fluctuating demands have emphasised the need for adopting digital technologies.

Although this acceleration of digital transformation provides many benefits for manufacturers, it is not without challenges. With four in 10 manufacturers reporting that their operations have been affected by a cyber incident in 2020, take a look at 10 of KeyFactor’s best practices for zero trust IoT manufacturing.

10. End-to-end encryption

To ensure secure communication, manufacturers should “implement encrypted SSL/TLS or IP VPN communications to ensure data privacy,” says KeyFactor, in order to harness a secure and automated PKI lifecycle management approach.

9. Integrated device management

To ensure a seamless process when generating key pairs and updating the PKI, KeyFactor highlights the importance of integrating the PKI lifecycle management tools into the device management system.

8. Root Certificate Authority (CA)

By implementing a Certificate Authority (CA) on-premise or integrating with a third party, manufacturers can validate digital certificates. “A root CA provides further trustworthiness along the chain of trust of digital certificates.”

7. Centralised code signing

Code signing is the process of digitally signing software to confirm its author and ensure its integrity. KeyFactor states that it is important to “ensure that firmware updates are signed by the developer and authenticated by the device before being installed.”

6. PKI management

Said to be the most complicated and most important part of managing device security, KeyFactor highlights that implementing and automating PKI and key/certificate lifecycle management will help to ensure trusted manufacturing devices.

5. Mutual M2M authentication

To establish trust between IoT endpoints, KeyFactor states that the best way is to harness machine-to-machine (M2M) mutual authentication, as well as implement strong user access controls.

4. Cryptographic software libraries

To manage crypto-operations such as encryption, TPM operations, and authentication, KeyFactor suggests that manufacturers should adopt strong crypto-libraries – such as WolfSSL – to handle such operations which are critical to protecting a device.

3. On-device key generation

Manufacturers should also look to generate and securely store private keys on devices, allowing each device to “attest to its own identity.” Such keys can be used for cryptography, encryption, and code signing.

2. Hardware-based security

Where possible, in order to create a trustworthy Root of Trust (RoT), KeyFactor identifies that manufacturers should leverage device-based, tamper-resistant (TPM) hardware secure elements, or hardware security modules (HSMs).

1. Root of Trust (RoT)

Defined by KeyFactor as the foundation on which all secure computing operations are based, a Root of Trust (RoT) installed on a device can be used to contain the keys for cryptographic functions and enable secure boot processes. It can also be implemented in hardware to make it immune to malware attacks, and comes in the form of a security module within processors or a system on a chip (SoC).
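
Item 7's rule, that a device authenticates a firmware update before installing it, can be exercised with the OpenSSL command line; this is an added example, not KeyFactor's code or tooling. The function names, key file names and firmware image are constructed for illustration, and the `openssl` binary is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: keys and firmware image are constructed; names are hypothetical.

# Developer side: create an ECDSA P-256 signing key pair in directory $1.
make_signing_key() {
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/signing.key" 2>/dev/null &&
    openssl ec -in "$1/signing.key" -pubout -out "$1/signing.pub" 2>/dev/null
}

# Developer side: sign image $2 with private key $1, writing detached signature $3.
sign_firmware() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Device side: copy image $2 to $4 only if signature $3 verifies against the
# trusted public key $1. On any failure nothing is written and 1 is returned.
install_if_authentic() {
    if openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; then
        cp "$2" "$4"
    else
        echo "refused: signature check failed for $2" >&2
        return 1
    fi
}

# Demo: a signed image installs; the same image with one byte appended does not.
demo() {
    d=$(mktemp -d) || return 1
    make_signing_key "$d" || return 1
    printf 'constructed firmware v1.2\n' > "$d/fw.bin"
    sign_firmware "$d/signing.key" "$d/fw.bin" "$d/fw.sig" || return 1
    install_if_authentic "$d/signing.pub" "$d/fw.bin" "$d/fw.sig" "$d/installed.bin" || return 1
    cp "$d/fw.bin" "$d/tampered.bin"
    printf 'X' >> "$d/tampered.bin"
    if install_if_authentic "$d/signing.pub" "$d/tampered.bin" "$d/fw.sig" "$d/bad.bin" 2>/dev/null; then
        rm -rf "$d"; return 1   # a tampered image must never install
    fi
    [ ! -e "$d/bad.bin" ] && cmp -s "$d/fw.bin" "$d/installed.bin"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "signed image installed, tampered image refused"
```

Only the public key needs to live on the device; the private signing key stays with the developer, which is what makes centralised signing practical.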