Mocana IoT Security Platform for Industrial Automation Manufacture

About the Global Industrial Automation Manufacturer

This global industrial manufacturer has more than $20 billion in revenues. The company manufactures products that serve a variety of sectors, including: building, data center, industrial and energy. The company is a global Fortune 500 company headquartered in Europe. The company has 100,000 employees in more than 100 countries.

Challenge

This global industrial automation manufacturer needed to upgrade its cybersecurity controls across a broad range of programmable logic controllers (PLCs) and industrial automation equipment. Based in Europe, their state government and standards bodies mandated that industrial manufacturers serving critical infrastructure reduce the security risks associated with their products by replacing OpenSSL, an open-source SSL library, with a stronger cryptographic solution that integrated securely with the new industrial messaging standard, OPC UA. The government and manufacturer had concerns about the vulnerabilities and complexity of integration of OpenSSL as well as its large, slow code base. The manufacturer also wanted to minimize their risk of breaching privacy laws under the European GDPR regulation that imposes a 4% penalty up to €20 million per incident. Finally, the manufacturer needed a solution that integrates easily across multiple chipsets and operating systems so that it could be used across product lines and business units.

Mocana Solution

This manufacturer selected Mocana’s IoT Security Platform, an embedded security software solution optimized for use in industrial control and IoT devices. The software is designed to compile into the IED application sitting on RAM and flash memory of the device. The customer benefited by upgrading the device to support: •An OpenSSL shim to replace OpenSSL with a FIPS 140-2 L1 validated cryptographic engine •SCEP-based certificate management •Secure boot process to validate the firmware, OS and applications •Encrypted transport using SSL/TLS, SSH, multicast and wireless Ethernet for secure communications with SCADA networks •Pre-built integration with WindRiver VxWorks IDE•OPC UA integration validated by ascolab GmbH and United Automation

Impact

The global industrial manufacturer was able to harden their devices with stronger crypto and authentication and remove OpenSSL, reducing the risks associated with open source vulnerabilities. Their developers were able to more easily replace OpenSSL with and open source-free solution using tools that were pre-integrated with their development environment. The new high-performance solution had a 75% smaller software footprint and integrated seamlessly with OPC UA. The Mocana solution enabled the manufacturer to comply with government regulations and also reduce their exposure to GDPR breaches.