PKI for enhanced quality at Phoenix Contact

 

The project

SRC and achelos implemented a proprietary Public Key Infrastructure for Phoenix Contact, an international provider of innovative products, solutions and digitalisation expertise in electrification, networking and automation. This addition allows Phoenix Contact to incorporate standardised cyber security into its portfolio, positioning the company ahead of its time and already compliant with the European Union’s upcoming stricter security requirements. The project’s uniqueness stems from achelos and SRC combining expertise from various sectors to create a novel solution, given the limited regulatory requirements in the industrial environment. 

Phoenix Contact, a ‘hidden champion’ based in Blomberg, Westphalia, Germany, is family-owned. The company employs around 21,700 people, operates in over 100 countries and reported annual sales of €3.4 billion in 2023.  

Protection against attacks

In today’s rapidly evolving digital landscape, safeguarding machines, systems and infrastructures from external attacks is critical for maintaining operational resilience. Blomberg acknowledges the expanding attack surfaces in corporate networks, driven by increased connectivity and the fusion of IT (Information Technology) and OT (Operational Technology). Phoenix Contact takes a proactive stance to minimising these risks, employing advanced electronic certificates and digital signatures to ensure the authenticity of hardware and software products. 

Phoenix Contact’s ambitious goal was to establish an in-house PKI capable of delivering the superior, long-term protection desired. A key focus was on seamlessly integrating device registration within industrial production workflows, encompassing certificate issuance, signing and validation overseen by a Registration Authority (RA).

To execute this complex project, Phoenix Contact enlisted the expertise of achelos. The IT service provider was tasked with end-to-end implementation of the PKI solution, comprising planning, installing, configuring and launching the system.

No strict regulations yet

The task of navigating the project’s complex regulatory and formal landscape fell to SRC’s procedural experts from Bonn. Their involvement was pivotal given the absence of strict regulations surrounding in-house industrial Public Key Infrastructures. The multitude of variables and freedoms in this domain necessitates partnering with experts like SRC, capable of adapting best practices and knowledge drawn from their rich repository of cross-industry experiences to shape the project’s theoretical regulatory framework. Dr.-Ing. Michael Jahnich, Director of Business Development at achelos: “SRC’s extensive sector expertise was instrumental to our project’s success.”

While acholos spearheaded the technical aspects, SRC focused on creating and delivering standardised documentation crucial to the project. In the project triad, SRC’s advisory role encompassed PKI design, cryptographic algorithm selection, the associated keys and certificates, and their management. Their contribution included drafting the Certificate Policy (CP) and the Certification Practice Statements (CPS) in accordance with the RFC 3647 standard for PKI implementation. 

"The combination of leadership and practical knowledge from achelos, coupled with SRC’s theoretical regulatory expertise, proved to be a winning combination." Dr Lutz Jänicke, Corporate Product & Solution Security Officer, Phoenix Contact

Results

“A winning combination”

By drawing on their extensive non-industrial project portfolio, SRC’s consultants brought unique perspectives to this industrial PKI initiative. “Their creation of comprehensive decision templates proved to be a critical resource for Phoenix Contact’s decision-making process”, says Michael Jahnich from achelos.

The achievement has left Phoenix Contact thoroughly pleased. Having a proprietary PKI of this calibre is exceptional, positioning the network specialist as an industry pioneer. Notably, the existing solution already complies with anticipated customer requirements under the second version of the Network and Information Security Directive (NIS 2) from Brussels. Dr. Lutz Jänicke, Corporate Product & Solution Security Officer and Project Manager at Phoenix Contact, appreciates the enhanced quality assurance he can now offer customers through the PKI solution. Jänicke: “The combination of leadership and practical knowledge from achelos, coupled with SRC’s theoretical regulatory expertise, proved to be a winning combination.”

Über die achelos GmbH

"We ensure more security in the connected world!"
achelos GmbH is a system house for cybersecurity and digital identity management founded in Paderborn in 2008. The independent provider develops robust solutions and offers service packages in various expansion stages for secure products and applications. For its customers from the fields of healthcare, industry, the public sector, digital payment and telecommunications, achelos translates security standards into viable solutions in line with the requirements of compliance. Customers benefit from this holistic approach – from consulting and conception to software development and certification, and up to and including secure operation. achelos is certified according to ISO 9001, ISO 27001 and Common Criteria and has a prestigious network of partners.
www.achelos.de

Firmenkontakt und Herausgeber der Meldung:

achelos GmbH
Vattmannstraße 1
33100 Paderborn
Telefon: +49 (5251) 14212-0
Telefax: +49 (5251) 14212-100
http://www.achelos.de

Ansprechpartner:
Bianca Dören
Public Relations & Events
Telefon: +49 5251 14212-341
Fax: +49 5251 14212-100
E-Mail: bianca.doeren@achelos.de
Für die oben stehende Story ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.

counterpixel