ÃÛÌÒTV

Digital Trust 05-06-2022

The Road Ahead for a Trusted IoT

Srinivas Kumar
digicert-blogimages-mar22

The promise of digital transformation is data-driven decision engines powered by data sciences (DS), machine learning (ML) and artificial intelligence (AI). Authentication of users and machines requires trusted identities as the foundation of trust. The operational integrity of tangible and intangible assets requires explicit trust in the data at-source and in the chain-of-custody — and not just at rest, in process or in transit.

Both identity and trust are table stakes today. The true value creation comes from embedding identity and trust in operational intelligence that drives analytics and decision engines with transitive trust. There is no truth in data, only probabilities. AI-powered analytics provides structure and context for real-time condition monitoring and predictive maintenance for early fault detection — the rocket fuel of supply chain and life cycle management. Innovation begins with scientific thinking but ends with trusted data-driven outcomes.

Cryptography and certificates are the means to an end and not the end themselves. Digital transformation requires solution engineering within each industry and use case, from the physical layer to the application layer, from the device to the edge, and from the edge to the multi-cloud.

What is digital trust and why does it matter?

Ìý

Implementing a zero-trust model requires all connected entities to be digitally trusted: namely users, services and devices, wherein explicit trust may then be established with immutable identities, mutual authentication and data protection for runtime operational integrity. The return on investment (ROI) for device owners and operators is realized from resulting operational efficiencies across the supply chain with the benefits of continuous risk monitoring, remote management and condition-based maintenance.

While information technology (IT) operators manage user devices within the scope of enterprise NOC/SOC/DevOps, operational technology (OT) operators manage non-user (i.e., headless, autonomous) devices in the field.ÌýIncumbent network-based prevention and detection tools and techniques cannot scale, be effective in OT systems, or keep pace with the sophistication of evolving malware. In fact, estimate that a prevent-first strategy will fail.Ìý

Greenfield and brownfield devices in mission-critical OT systems will require hardening at the factory during manufacture and in the field respectively, to be cyber resilient and securely connect to on-premises and/or cloud hosted services. Applications will require security by design to achieve holistic end-to-end digital trust using cryptographic keys and operational certificates as the building blocks of digital trust.

What are the primary challenges to digital trust by industry sector?

Every industry has its own set of challenges. However, a common denominator of core challenges is becoming obvious. Incidentally, these are also the basic building blocks of digital trust and zero-trust implementation models.

  1. Retail
    a) OEM device onboarding and managed updates
    b) Key and certificate lifecycle management
    c) Data to cloud for AI analytics
    d) IT (NOC, SOC, DevOps) vs. OT (FieldOps): Unified workflow and single pane of glass

  2. Fintech
    a) Device and user identity
    b) Digital signing
    c) Data-at-Rest (DAR) encryption

  3. Healthcare and industrial control systems
    a) OEM device onboarding and managed updates
    b) Key and certificate lifecycle management (in online and air-gapped environments)
    c) Data integrity (in real time)
    d) Secure communications (data privacy)
    e) It (NOC, SOC, DevOps) vs. OT (FieldOps): unified workflow and single pane of glass

  4. Transportation (automotive)
    a) Key and certificate lifecycle management
    b) Secure over-the-air (OTA) updates
    c) Data to cloud for AI analytics

  5. Consumer (smart homes, smartphones)
    a) Key and certificate lifecycle management
    b) Device updates
    c) Device health monitoring

  6. Manufacturing (factory automation)
    a) Key and certificate lifecycle management
    b) Field device enrollment and updates
    c) Secure communications (telemetry, messaging)
    d) It (NOC, SOC, DevOps) vs. OT (FieldOps): unified workflow and single pane of glass

  7. Defense
    a) Secure and authenticated communications
    b) Key and certificate lifecycle management
    c) Air-gapped field device enrollment and updates
    d) Supply chain tamper resistance

Conclusion

As most silicon vendors realize, monetization and value creation do not occur at the chip level with a secure element or secure enclave alone (such as, for example, Intel’s Enhanced Privacy ID or Arm’s Platform Security Architecture initiatives). It happens upstream where such a root-of-trust anchor is integrated with the transport protocol and application stacks for holistic and embedded trust in devices.

Further, the emergence of open source and freemium models of IoT software developer kits (SDKs) from cloud platform and services vendors is a leading indicator of cross industry sector demand for a services-centric and multi-vendor horizontal platform. Just as smartphones are powered by applications in app stores, IoT/IIoT solutions are powered by heterogeneous devices and DS/ML driven analytics in the cloud. Trustworthy data requires a chain of digital trust in connected devices.

Ìý

Ìý

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205