Secure Chorus addresses First Friday Club Editors’ Briefing on Industrial Internet of Things and the importance of common cyber security standards
SECURE CHORUS, 3RD DECEMBER 2018
“While several initiatives are tackling cyber security, threats aimed at the IIoT, these are typically focused on securing the IoT networks. This approach doesn’t fully address issues arising from the interconnection and hyper-digitalisation brought into play by the growth of the IIoT. There is a requirement for a more comprehensive approach that secures the data itself. MIKEY-SAKKE, an open identity-based public key cryptography standard, combined with interoperability standards provides a new approach to data security.” This was the message delivered by Roderick Hodgson, Director of Secure Chorus, at the recent First Friday Club Editors’ Briefing held on 30thNovember 2018 in London. The First Friday Club Editors’ Briefing is a monthly gathering of Britain’s most influential industrial, engineering and technology journalists in both the print and online media.
Mr. Hodgson explained that while the IIoT is not a new phenomenon, in recent years there has been a sharp rise in the number of interconnected devices exchanging valuable information,with the result that cyber-attacks on IIoT have now become a leading concern to governments and enterprise alike.Top-level areas of risk include major state-sponsored attacks on critical national infrastructure (CNI) as well as industrial espionage aimed at gathering information about an organisation.
Existing approaches to securing the IIoT network are valuable as they prevent a range of network-based attacks. But they are only valuable to a point: while network security can also be used to protect data from eavesdropping, this protection is limited by the boundary of the network. The IoT takes the data processing beyond the perimeter of a given IIoT network. This is why securing the data itself provides a more rigorous approach for securing sensitive information in the IIoT.
Securing this data can be achieved by using end-to-end encryption. However, the IoT has specific characteristics that introduce a new set of challenges to some types of end-to-end encryption. These include the fact that the number and variety of devices and system found in the IIoT is greater than in traditional industry environments. IIoT devices are being used in a wider range of scenarios, each presenting challenges caused by differences in processing capabilities, use cases, network capabilities and physical location. A network of IIoT devices may be comprised of devices and systems sitting both within and outside the security perimeter of an industrial plant.
MIKEY-SAKKE is one such type of identity-based public key cryptography open standard, which helps to address specific challenges in the IIoT. MIKEY-SAKKE ensures any encryption key material is directly tied to the identity of an industrial device or sensor. The added use of Key Management Servers (KMS) simplifies key management, providing scaling to number and compatibility with a wide variety of devices and sensors, while Secure Chorus’ interoperability standards ensure that trust can be provided between parties for the devices they control, beyond the perimeter of a single system or organisation.
MIKEY-SAKKE has been developed by the UK government’s National Technical Authority for Information Assurance (CESG), which is now part of the National Cyber Security Centre (NCSC) and a government member of Secure Chorus. MIKEY-SAKKE was standardised by the Internet Engineering Task Force (IEFT) and it has also recently been approved by the 3rd Generation Partnership Project (3GPP) for use in critical applications.
Secure Chorus serves as a platform for multi-stakeholder cooperation for the development and adoption of common interoperability standards, and has selected MIKEY-SAKKE as its cryptography standard of choice. Mr Hodgson concluded his presentation by saying that MIKEY-SAKKE presents a strong set of standards for solving several security challenges found in the IIoT, when used in conjunction with the new Secure Chorus’ interoperability standards.
About Secure Chorus
Secure Chorus is a not-for-profit membership organisation, serving as a platform for multi-stakeholder collaboration and development of forward-looking strategies, common technology standards and tangible capabilities in the field of information security for a safer global digital economy.
About First Friday Club Editors’ Briefing
The First Friday Club Editors’ Briefings were started in 1996 by a group of journalists wanting to save time and travel going around the country for press briefings. They realised that companies with new products or announcements could also benefit from a cost effective way of communicating with their market via the trade and technical press, by presenting to a guaranteed audience of leading UK journalists in a central London location.
For more information visit https://www.firstfridayeditors.org
For further information please contact:
Secure Chorus Ltd via PRPR
Elisabetta Zaccaria, Chairman
Roderick Hodgson, Director
Phone number: +44 (0) 7831 208109