PKI for enhanced quality at Phoenix Contact

The project

SRC and achelos implemented a proprietary Public Key Infrastructure for Phoenix Contact, an international provider of innovative products, solutions and digitalisation expertise in electrification, networking and automation. This addition allows Phoenix Contact to incorporate standardised cyber security into its portfolio, positioning the company ahead of its time and already compliant with the European Union’s upcoming stricter security requirements. The project’s uniqueness stems from achelos and SRC combining expertise from various sectors to create a novel solution, given the limited regulatory requirements in the industrial environment. 

Phoenix Contact, a ‘hidden champion’ based in Blomberg, Westphalia, Germany, is family-owned. The company employs around 21,700 people, operates in over 100 countries and reported annual sales of €3.4 billion in 2023.  

Protection against attacks

In today’s rapidly evolving digital landscape, safeguarding machines, systems and infrastructures from external attacks is critical for maintaining operational resilience. Blomberg acknowledges the expanding attack surfaces in corporate networks, driven by increased connectivity and the fusion of IT (Information Technology) and OT (Operational Technology). Phoenix Contact takes a proactive stance to minimising these risks, employing advanced electronic certificates and digital signatures to ensure the authenticity of hardware and software products. 

Phoenix Contact’s ambitious goal was to establish an in-house PKI capable of delivering the superior, long-term protection desired. A key focus was on seamlessly integrating device registration within industrial production workflows, encompassing certificate issuance, signing and validation overseen by a Registration Authority (RA).

To execute this complex project, Phoenix Contact enlisted the expertise of achelos. The IT service provider was tasked with end-to-end implementation of the PKI solution, comprising planning, installing, configuring and launching the system.

No strict regulations yet

The task of navigating the project’s complex regulatory and formal landscape fell to SRC’s procedural experts from Bonn. Their involvement was pivotal given the absence of strict regulations surrounding in-house industrial Public Key Infrastructures. The multitude of variables and freedoms in this domain necessitates partnering with experts like SRC, capable of adapting best practices and knowledge drawn from their rich repository of cross-industry experiences to shape the project’s theoretical regulatory framework. Dr.-Ing. Michael Jahnich, Director of Business Development at achelos: “SRC’s extensive sector expertise was instrumental to our project’s success.”

While acholos spearheaded the technical aspects, SRC focused on creating and delivering standardised documentation crucial to the project. In the project triad, SRC’s advisory role encompassed PKI design, cryptographic algorithm selection, the associated keys and certificates, and their management. Their contribution included drafting the Certificate Policy (CP) and the Certification Practice Statements (CPS) in accordance with the RFC 3647 standard for PKI implementation. 

"The combination of leadership and practical knowledge from achelos, coupled with SRC’s theoretical regulatory expertise, proved to be a winning combination." Dr Lutz Jänicke, Corporate Product & Solution Security Officer, Phoenix Contact

Results

“A winning combination”

By drawing on their extensive non-industrial project portfolio, SRC’s consultants brought unique perspectives to this industrial PKI initiative. “Their creation of comprehensive decision templates proved to be a critical resource for Phoenix Contact’s decision-making process”, says Michael Jahnich from achelos.

The achievement has left Phoenix Contact thoroughly pleased. Having a proprietary PKI of this calibre is exceptional, positioning the network specialist as an industry pioneer. Notably, the existing solution already complies with anticipated customer requirements under the second version of the Network and Information Security Directive (NIS 2) from Brussels. Dr. Lutz Jänicke, Corporate Product & Solution Security Officer and Project Manager at Phoenix Contact, appreciates the enhanced quality assurance he can now offer customers through the PKI solution. Jänicke: “The combination of leadership and practical knowledge from achelos, coupled with SRC’s theoretical regulatory expertise, proved to be a winning combination.”