Description
The increasing digitalization and interconnection of Industrial Automation and Control Systems (IACS) have significantly expanded the attack surface and heightened the risk of cyber attacks in Operational Technology (OT) environments. To address these evolving threats, IACS operators have started to adopt established Information Technology (IT) security measures within their infrastructure. Public Key Infrastructure (PKI) is one of the key authentication mechanisms on the internet today, providing server authentication for billions of websites. As a result, PKI has also been introduced into IACS environments to fulfill critical authentication requirements for OT components. However, operating a PKI proves to be challenging in the complex and heterogeneous landscape of IACS, leading some operators to rely on external service providers for PKI operation. Externalizing the authentication trust anchor results in a loss of direct control over critical security components and introduces new dependencies. In the WebPKI, Certificate Transparency (CT) was developed to monitor the certificate issuance activities of publicly trusted Certificate Authorities (CAs) and regain insight into their operations. This thesis explores the adaptation of CT for a private PKI infrastructure operated by a service provider but targeted specifically at IACS environments. While CT in the WebPKI addresses trust issues through an open, multi-party ecosystem, its design and trust assumptions do not align with the private and tightly controlled structure of IACS environments. To bridge this gap, a private CT infrastructure setup is proposed in which all CT components are fully controlled by the IACS operator. Necessary modifications to CT processes and architecture are identified, addressing the different trust relations and capabilities of OT devices. Furthermore, a layered approach for integrating CT into the IACS environment is developed to align with industrial standards such as ISA/IEC 62443.
A proof-of-concept implementation demonstrates the feasibility of this approach, including the development of custom tooling to address missing functionality in existing open-source CT software. The thesis concludes that CT can be successfully adapted for private ecosystems, although broader support is currently lacking, especially in cryptographic libraries intended for OT devices.
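The insight CT gives an operator rests on the log's append-only Merkle tree: a monitor under the operator's control can check that a certificate issued by the outsourced CA really is recorded in the log. The following added example (not code from the thesis or its proof-of-concept) implements the RFC 6962 hashing rules, builds an inclusion proof and runs the verification procedure a monitor would perform; the leaf contents are constructed placeholder strings standing in for DER-encoded certificates.

```python
import hashlib

# Constructed sample log entries; a real log leaf carries a DER certificate.
LEAVES = [b"cert:plc-01", b"cert:hmi-02", b"cert:gateway-03",
          b"cert:historian-04", b"cert:engineering-ws-05"]

def leaf_hash(data: bytes) -> bytes:
    """RFC 6962 leaf hash: SHA-256 over a 0x00 domain-separation prefix."""
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: SHA-256 over 0x01 || left || right."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree split point)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(leaves: list) -> bytes:
    """Merkle Tree Hash (MTH) of the given leaves, as the log publishes in its STH."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))

def inclusion_path(m: int, leaves: list) -> list:
    """Audit path for leaf m, as the log would return for get-proof-by-hash."""
    n = len(leaves)
    if n <= 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_path(m, leaves[:k]) + [tree_head(leaves[k:])]
    return inclusion_path(m - k, leaves[k:]) + [tree_head(leaves[:k])]

def verify_inclusion(leaf: bytes, leaf_index: int, tree_size: int,
                     path: list, root: bytes) -> bool:
    """Monitor-side check (RFC 9162 section 2.1.3.2): does the path tie the
    leaf at leaf_index to the published root of a tree of tree_size entries?"""
    if leaf_index >= tree_size:
        return False
    fn, sn, r = leaf_index, tree_size - 1, leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False          # more path elements than the tree needs
        if fn & 1 or fn == sn:
            r = node_hash(p, r)   # leaf sits in the right subtree
            if not fn & 1:        # skip levels where this node is a lone right child
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)   # leaf sits in the left subtree
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root
```

Swapping the leaf bytes, the index or a path element makes the check fail, which is exactly what lets an operator detect a log that omits or misreports an issuance.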