For years, the manufacturing sector enjoyed a unique privilege: its most valuable operational assets were physically isolated from the chaos of the public internet. The security of the machine shop was defined by concrete, barbed wire and the so-called air gap – the physical break between the corporate network and the production line. If an engineer wanted to change the parameters of a PLC, he had to walk up to it with a laptop and plug in a cable. In that arrangement, location equalled trust: whoever was inside the factory automatically became an authorised user.
However, this world is now a thing of the past. Today’s factory floor is in fact a massive, distributed data centre with conveyor belts. The pressure for efficiency, real-time analytics and predictive maintenance has forced open the factory gates.
In the age of virtual controllers, cloud computing and containerised systems, the old factory defence perimeter has simply evaporated. To maintain business continuity, the modern industrial business needs a change of mindset: replace territorial trust with a digital passport for every device.
The blind alley of evolution, or why filtering was no longer enough
Industrial (OT) security systems tried to keep up with this revolution, but for a long time they suffered from the ‘bricklayer’s syndrome’ – trying at all costs to put up higher and higher barriers where borders no longer existed.
Initially, when machines first began to speak network protocols, managers trusted in segmentation. Virtual local area networks (VLANs) and static access control lists (ACLs) were created. The logic was simple: we were separating traffic within the factory. However, this model broke down as soon as the business demanded aggregation of data from multiple locations simultaneously. It turned out that there was absolute anarchy inside the ‘secure’ zones – the systems trusted every packet that passed through the gateway.
The next step relied on deep packet inspection (DPI) technology. Specialised firewalls began to analyse not only IP addresses but also the structure of industrial protocols such as Modbus or OPC UA. Although this was a quantum leap towards understanding anomalies in machine traffic, the architecture still had one fundamental flaw: it was extremely centralised and network-oriented.
In distributed hybrid environments, where process control often moves to the cloud, traditional control points become a technological bottleneck. It is impossible to effectively manage thousands of dynamic rules for machines that are constantly changing their logical address.
Zero Trust architecture in practical OT: Passport instead of address
Modern cyber security in the OT sector rejects the paradigm of network geography. The question “What network segment is this signal coming from?” is replaced by the far more demanding “Who are you, and how do you prove it?”. This is a fundamental tenet of the Zero Trust philosophy, with cryptographic identity at its core.
In the modern production ecosystem, secure communication is based on a continuous, automated authentication process. The system does not assume trust – it demands evidence at every stage of interaction, based on four pillars:
- Verification of credential integrity: Does the device (e.g. the controller on the assembly line) hold a unique, valid and irrefutable digital certificate?
- Granular authorisation: Does this particular client (or application) have the right to issue a command to stop the line or change the oven temperature?
- Cryptographic proof: Has the identity of the sender been confirmed using advanced algorithms that rule out impersonation (spoofing)?
- Mutual authentication: Have both sides of the data transaction (machine-to-machine or machine-to-cloud) verified each other before the connection is established?
Implementing such a model means changing the status of industrial devices. Each PLC becomes an autonomous entity with its own digital identity. All software updates (firmware) must be digitally signed by the manufacturer and telemetry data streams encrypted at source.
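The four pillars above, as an added example that is not part of the original article: a Go admission gate that a controller could run on each incoming command, backed by a constructed plant CA. The device names, the command vocabulary and the policy table are assumptions, and a signature over the command stands in for a full TLS session, so pillar 4 appears as the same chain check that each side applies to the other before a session opens.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue returns an Ed25519 key and a certificate for cn signed by parent/pk, or a self-signed CA
// when parent is nil. This is a constructed plant PKI for the example; every name is made up.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed root: the only certificate allowed to sign others
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent, pk = true, true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// Constructed plant PKI: one trust anchor (its key offline or in an HSM in production) and a
// policy that binds rights to the certificate identity, never to a VLAN or IP address.
var caCert, caKey = issue("plant-ca", nil, nil)
var policy = map[string]map[string]bool{"hmi-line-7": {"read_temp": true, "set_temp": true}, "analytics-gateway": {"read_temp": true}}

// sign is the sender's half of pillar 3: prove possession of the key named in its certificate.
func sign(key ed25519.PrivateKey, cmd string) []byte { return ed25519.Sign(key, []byte(cmd)) }

// admit is the controller's Zero Trust gate for one command: chain to the plant CA (pillar 1), signature by
// the certified key (pillar 3), rights bound to identity (pillar 2); both sides run the chain check on each other first (pillar 4).
func admit(cert *x509.Certificate, cmd string, sig []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return err // no valid passport, no conversation, whatever name the certificate claims
	}
	if !ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), []byte(cmd), sig) {
		return errors.New("command not signed by the key certified for " + cert.Subject.CommonName)
	}
	if !policy[cert.Subject.CommonName][cmd] {
		return errors.New(cert.Subject.CommonName + " is not authorised to issue " + cmd)
	}
	return nil
}
```

A certificate carrying the name of an authorised HMI but issued by any other CA fails at the first check, before its name is ever consulted.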
The business case for PKI: a necessary evil becomes a market advantage
For years, cybersecurity spending in industry has been treated by management as an insurance policy against disaster – a cost with no direct return on investment (ROI). Public key infrastructure (PKI), which manages the lifecycle of these cryptographic identities, completely changes this calculation. It transforms security from a purely defensive mechanism into a business accelerator.
1 Democratisation of remote maintenance
Modern factories cannot afford downtime while waiting for a niche expert to physically arrive from the other side of the world. PKI allows secure, granular entry of external engineers straight into the heart of a particular machine – via the public internet, without the risk of opening up the entire factory network to third parties. This is a drastic reduction in response time to failures and a gigantic operational saving.
2 Secure ‘Time-to-Market’ for innovation
Companies that base their security on device identity can scale the business in no time. Connecting a new production line, integrating an acquired plant or implementing artificial intelligence algorithms to optimise energy consumption becomes an almost plug-and-play process. Security ‘follows’ the device, regardless of which physical network it is plugged into.
3 Supply chain resilience and regulatory requirements
In the face of new regulations (such as the EU’s NIS2 directive), digital sovereignty and the ability to prove the integrity of production processes are becoming requirements for entry into mature markets. Companies able to cryptographically confirm that their products have not been manipulated at the manufacturing stage gain a powerful asset in B2B tenders.
A new foundation for digital sovereignty
Trying to defend a modern manufacturing facility with old network-centric methods is a battle lost from the outset. In a world of blurred boundaries between IT and OT, the physical factory perimeter no longer guarantees anything.
Cryptographic identity management with modern PKI systems is not just another technological gadget in the IT department’s arsenal. It is a key element of the business strategy of any mature manufacturing company. Industry 4.0 needs digital passports, because they are the only ones that allow secure global data exchange without the risk of losing control of the physical production process. Whoever understands this the fastest will not only secure their halls, but win the race for digital flexibility and customer trust.