Cyber Security based on Public Key Infrastructure

Cyber Security based on Public Key Infrastructure

Cyber ​​security and open communication standards are introducing a new era for industrial systems. Currently, however, the implementation of certain key points ensuring the security of industrial systems is increasingly observed. An example is cyber security based on a public key infrastructure (PKI) for Digital Oil Field technology.

Introduction to PKI

At PKI, a trusted third party, known as the Certification Body, assigns unique certificates to all users or devices that require access to key data. After configuration, PKI acts as an intermediary in controlled access to data in real time.

Both the sources from which the messages are received and the destinations are authenticated and the content of the message is encrypted from beginning to end. Each device in the system becomes responsible for its own security. For example, the information contained in the certificates allows the PLC to verify that the message that changes the setting comes from an operator with appropriate privileges.

At this stage, security is no longer dependent on firewalls or network filtering devices. These manually configured security features are an easy target for hackers. However, properly implemented PKI cryptography goes far beyond the capabilities of the most advanced cybercriminals. Trust is no longer based on a secure network, but on secure endpoints. Thanks to this, secure communication is possible both in closed ICS networks and via the Internet.

Implementing the security of industrial systems

Implementation support technology consists of two parts. First, computers need to understand each other so that data can flow wherever it is needed. Just as people communicate using a common language, computers rely on protocols.

Some protocols operate as proprietary (closed), while others are based on open standards. Using open industry standards reduces the costs of implementing, operating and maintaining automation systems. What’s more, it also allows performance optimization.

Secondly, “everywhere does not mean anywhere.” Protocols must be not only open but also secure. Mutual authentication and encryption based on PKI are the leading standard of secure communication. It guarantees that any message for eavesdroppers who do not have the appropriate certificate is useless. He won’t be able to read it.

PKI also ensures that the information flows from the intended source to the intended recipient. With proper implementation, cryptography is “unbreakable” without access to secret keys. The protection of these keys is the basis of cyber security. It must be built-in.


Both Open Platform Communications Unified Architecture (OPC UA) and Message Queuing Telemetry Transport (MQTT) are open protocols that simplify data exchange. Both protocols also contain security (PKI) options in their specifications.

OPC UA is fast becoming an important communication standard for managing open data exchange between applications and devices of many providers on the network. To access the data, the OPC UA client program, such as the SCADA system, connects to OPC UA servers. Then information from these servers is displayed on many HMI screens or forwarded – via the SCADA system.

MQTT is a global standard communication protocol designed to optimize connections between multiple endpoints. It is becoming more and more desirable when connecting smart devices to Internet of Things applications. It provides efficient, in terms of bandwidth connections in the cloud, communication between these devices.

Performance and security

Achieving maximum bandwidth at affordable prices is crucial for at least two reasons. One of them is that carrying out so many real-time authentication and decryption operations requires more bandwidth than most systems. Especially when communication occurs between a significant number of devices within one network.

Secondly, with security at the level of data control and exchange, it is possible to take advantage of Big Data to fully exploit the possibilities of new technologies. Production data read in real time can help you monitor production more efficiently. This in turn leads to more strategic resource management and information exchange.

As field devices such as PLC or RTU are equipped with more and more powerful tools, the need for optimal data exchange efficiency is more and more important. High bandwidth is necessary to be able to fully use the potential that the embedded security of industrial systems provides today.

How Field Engineer can Help

Field engineer has engineers across the world. With the support of freelance cyber security technicians from freelance marketplaces like Field Engineer, any business can attain the digital security and can become successful.


Safety of industrial control systems (ICS) is an increasingly discussed issue. The concept of solutions in the field of Internet of Things, Industry 4.0 or Big Data, forces integrators to use advanced technologies to secure data flow. Solutions once only present in the IT infrastructure, nowadays are becoming an inseparable part of the industrial sector (OT) systems.

Leave a Reply

Your email address will not be published. Required fields are marked *