Relevant Items

Ensuring a Trusted Internet of Things | BLOG

We are at the cusp of an era where our lives will rarely depart from a connected computing ecosystem of some kind. The pervasiveness of connected systems will generate entirely new business models based on services that consume the data from these connected systems under the larger themes of digital business. The automation of prediction and collaboration, as well as the generation of unforeseen insights through analysis has been around for some time, but traditionally this has been happening in constrained and isolated environments. Industrial consumers of these technologies have had little choice outside of single function solutions. What has changed? Enormous business value is found when data crosses domain boundaries from systems that are optimized to sense the physical environment towards systems that are optimized to aggregate and synthesize data, creating real digital assets. This is the convergence of operational technology (OT) and information technology (IT). As data is moved from its real time source towards transactional systems it may need to cross several networks, which may not all be owned or operated by a single enterprise. How can these third parties trust each other? Can trust be pervasive? A secure ecosystem is possible when people, devices, and systems are able to trust each other and the concepts of identity play a foundational role in establishing this trust. From passwords, to certificates and analytics, there have been a number of techniques that have evolved over the years to establish and manage identity. On one hand, much this focus has been on humans and techniques that won’t necessarily translate into the world of devices. On the other hand, the use of public key infrastructure (PKI) for securing people, mobile devices, and network infrastructure provides a solid set of learnings for what is to come. As we look to connected ecosystems, the role and needs of the device and operational domain will become much more prevalent. Devices are becoming increasingly capable of storing and processing cryptographic material and techniques are available to offload these requirements for legacy devices that don’t have this capability. This enables devices to not only authenticate each other, but also to authorize actions based on policy. Data can also be encrypted as it is moved across domain boundaries. With these capabilities, enabled by identity security, business value can be unlocked within the domain of the device network. But what about the wider domain that may stretch across third parties? Identity security based on PKI allows trust to be extended. Business use cases within any vertical will involve tight and loose coupling between partners. The extension of trust between these partners can be defined and modeled by the use of CA hierarchies, federation and cross certification. Vertical technology stacks will continue to be built, but there will increasingly be blended solutions. All of this will work alongside brownfield installations that will persist for generations. Trust models will solve problems related to securely extending trust into these environments. Ultimately leading to entirely new business opportunities as services become more easily consumed. Automobiles are a leading case where there is a need for at least five trusted ecosystems. The internal car domain has many electronic controller devices that are crucial for the safe operation of the vehicle. The in-car experience for the driver requires individual profile customization, connectivity to consumer electronics, the consumption of external media, as well as messaging coming from sensors throughout the car. Cars themselves will also need connectivity to other cars and specialized infrastructure. Automotive manufacturing environments and supply chains are a fourth trusted ecosystem. The fifth trusted ecosystem will be payments, as our automobiles will become analogous to a ‘wearable’, able to pay tolls on bridges or even pay for a tank of gasoline. All of these secure ecosystems are enabled with secure identities of individual devices within the automobile, and the owner/driver. Industrial control systems have enormous maturity and know-how in OT and real time automation. Uptime and safety are paramount in these environments, but there is increasingly a demand for data currently locked within systems which can be considered archaic by IT standards. These systems were never meant to interoperate and were usually built in a highly vertical technology stack. New greenfield implementations of smart devices will work alongside legacy brownfield installations for decades. Data from these systems may need to be shared in near real time amongst operational managers, system vendors (DevOps), energy traders, governmental audits and other third parties. Enormous cost savings from predictive maintenance will drive innovation into places where transactional systems have never before ventured. Supply chain complexity is compounded far beyond part authenticity. From the point of silicon wafer testing to its installation into combined chipsets, to final installation into a system such as a car or an industrial controller, the number of vendor handovers can be numerous. The lifecycle of any device requires a method to securely identify it across boundaries. This is true even past the phase change when a device shifts from being a pre-manufactured part to integration into a fully implemented and personalized system. This is an important case for trust modelling across many third parties that includes the device manufacturers, owners and other services. Over the next few weeks, we will be exploring each of these cases in subsequent blog posts.