Connect with us

Hi, what are you looking for?



Mocana Launches Industrial IoT Security Platform

As the industrial internet of things (IIoT) begins to revolutionize productivity, so too does it dramatically increase industry’s cyber-attack surface. What has been missing is a single platform to provide or enable security across the entirety of IIoT.

As the industrial internet of things (IIoT) begins to revolutionize productivity, so too does it dramatically increase industry’s cyber-attack surface. What has been missing is a single platform to provide or enable security across the entirety of IIoT.

To fill this gap, Mocana — a San Francisco-based firm that specializes in security for embedded devices — has today released its new IoT Security Platform: a full-stack security solution designd to protect industrial IoT devices and device-to-cloud communications. The platform builds on the cybersecurity technology Mocana already has for embedded devices. In particular, it provides software capabilities, a set of simple APIs and a path to utilize Mocana’s planned management and analytics capabilities.

Mocana LogoThe new platform updates 11 existing Mocana software modules, but also and importantly introduces two new innovations: NanoTAP and NanoAIDE. The former provides a vendor-agnostic software abstraction layer that allows manufacturers to take full advantage of the latest security chip technologies such as the Infineon OPTIGA Trusted Platform Module (TPM), ARM Trustzone, Intel SGX, and Intel EPID.

These new chips provide a hardware-based root of trust for embedded systems, significantly increasing the security and trustworthiness of the devices. NanoTAP is a new software module that allows applications to make use of the security capabilities of the hardware.

NanoAIDE solves one of the major problems in IIoT: secure identity for secure communications. It is not the technology that is a problem, but getting it to scale to the billions of devices that comprise the IoT. The technology is to use X.509 digital certificates to verify the individual device identity and allow secure communication between the device and its controller — whether that is local or in the cloud. The standard simple certificate enrollment protocol (SCEP) commonly used to enroll digital certificates requires a manual process that cannot scale to the volume required for IIoT. 

Mocana’s NanoAIDE solution is include enrollment over Secure Transport (EST), a new standard that automates the management and enrollment of digital certificates. “Mocana now supports both SCEP and EST to provide the flexibility and scale for managing Public Key Infrastructure using standard X.509 certificates,” announced the company in a blog post today.

“When it comes to mission-critical IoT security, there is no middle-ground or acceptable margin for error,” said William Diotte, CEO of Mocana. “Hackers have demonstrated their ability to get behind firewalls and take over IoT devices. Once a hacker has control of an IoT device or controller behind a firewall, they can wreak havoc by manipulating flow controls, valves, compressors, power systems and engine controls that result in loss of critical services and loss of life. The Mocana IoT Security Platform is the most comprehensive IoT security solution for industrial manufacturers that are concerned about cyberattacks on embedded systems, IoT devices and industrial cloud systems.”

Related: Learn More About IIoT Security at SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference

Advertisement. Scroll to continue reading.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.