As the industrial internet of things (IIoT) begins to revolutionize productivity, so too does it dramatically increase industry’s cyber-attack surface. What has been missing is a single platform to provide or enable security across the entirety of IIoT.
To fill this gap, Mocana — a San Francisco-based firm that specializes in security for embedded devices — has today released its new IoT Security Platform: a full-stack security solution designed to protect industrial IoT devices and device-to-cloud communications. The platform builds on the cybersecurity technology Mocana already has for embedded devices. In particular, it provides software capabilities, a set of simple APIs and a path to utilize Mocana’s planned management and analytics capabilities.
The new platform updates 11 existing Mocana software modules and, importantly, introduces two innovations: NanoTAP and NanoAIDE. The former provides a vendor-agnostic software abstraction layer that allows manufacturers to take full advantage of the latest security chip technologies such as the Infineon OPTIGA Trusted Platform Module (TPM), ARM TrustZone, Intel SGX, and Intel EPID.
These new chips provide a hardware-based root of trust for embedded systems, significantly increasing the security and trustworthiness of the devices. NanoTAP is a new software module that allows applications to make use of the security capabilities of the hardware.
NanoAIDE solves one of the major problems in IIoT: secure identity for secure communications. The problem is not the technology itself, but getting it to scale to the billions of devices that comprise the IoT. The technology uses X.509 digital certificates to verify each individual device's identity and to allow secure communication between the device and its controller — whether that is local or in the cloud. The standard Simple Certificate Enrollment Protocol (SCEP) commonly used to enroll digital certificates requires a manual process that cannot scale to the volume required for IIoT.
Mocana’s NanoAIDE solution is to include Enrollment over Secure Transport (EST), a new standard that automates the management and enrollment of digital certificates. “Mocana now supports both SCEP and EST to provide the flexibility and scale for managing Public Key Infrastructure using standard X.509 certificates,” announced the company in a blog post today.
“When it comes to mission-critical IoT security, there is no middle-ground or acceptable margin for error,” said William Diotte, CEO of Mocana. “Hackers have demonstrated their ability to get behind firewalls and take over IoT devices. Once a hacker has control of an IoT device or controller behind a firewall, they can wreak havoc by manipulating flow controls, valves, compressors, power systems and engine controls that result in loss of critical services and loss of life. The Mocana IoT Security Platform is the most comprehensive IoT security solution for industrial manufacturers that are concerned about cyberattacks on embedded systems, IoT devices and industrial cloud systems.”