Technical Field
The technical field relates generally to industrial network systems and programmable devices, and in particular to systems and methods for industrial network certificate validation and recovery.
Discussion
Root certificates are one of the fundamental tools of cryptography and can be used in various authentication systems to validate certain types of encryption. Authentication systems used in operational technology (OT) systems invariably rely on Internet connectivity to manage certificates with one or more Certificate Authorities. However, many OT systems do not have access to the Internet. For example, many power monitoring systems (e.g., circuit breakers, relays, metering devices, power meters) are intentionally isolated from the Internet for security assurance. Accordingly, these devices do not have access to Certificate Authorities for certificate management. As a result, the traditional methods used with online systems, which tie certificates back to a root of trust at a Certificate Authority on the Internet, are not possible. Nevertheless, the need to authenticate and validate received information, such as firmware updates, still exists. For example, it is desired that the firmware for an end device be signed and verified before it is accepted and executed. Unverified information can lead to system damage or security exposure. In the realm of industrial devices, and in particular power monitoring systems, these concerns are of tremendous importance.