What is Encryption?
Encryption is the process of converting information into an unreadable form, so that it can only be read by authorised parties with the correct key. Encryption protects data against unauthorised access, espionage and manipulation.
In OT networks, encryption helps protect communication, configurations, remote access and firmware updates.
🧠 How does encryption work?
- Symmetric encryption
  - A single shared key for both encryption and decryption
  - Faster, often used in OT for point-to-point communication
  - Example: AES (Advanced Encryption Standard)
- Asymmetric encryption
  - Public and private key pairs (e.g. in TLS, VPN, HTTPS)
  - Used for secure session setup, certificates, authentication
  - Examples: RSA, ECC
- Data at rest vs. data in transit
  - At rest: encryption of stored data (backups, firmware)
  - In transit: encryption of network traffic (e.g. OPC UA, HTTPS)
Encryption is a core component within Defense in Depth and Zero Trust strategies.
🏭 Encryption in industrial networks
- Secured remote connections via VPN or TLS-based protocols
- OPC UA uses built-in encryption and certificates
- Encryption of backups, recipes and PLC project files
- Wi-Fi networks with WPA2/WPA3 for wireless OT equipment
- Email encryption for maintenance logs or export data
- Firmware updates signed and encrypted to safeguard integrity
Encryption also supports compliance with regulations such as IEC 62443, NIS2 and ISO 27001.
🔍 Encryption vs. hashing vs. obfuscation
| Technique | Purpose | Can it be reversed? |
|---|---|---|
| Encryption | Protecting data from access | Yes, with the correct key |
| Hashing | Integrity checking, password verification | No, one-way function |
| Obfuscation | Making reverse engineering harder | Yes, with effort |
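To make the "Can it be reversed?" column concrete, the following added example (not part of the original page) applies all three techniques to a constructed recipe string. Python's standard library has no AES, so an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for an authenticated AES mode here; the function names and the sample data are assumptions for illustration.

```python
import base64, hashlib, hmac, os

RECIPE = b"recipe=batch-7;setpoint_c=72.5;mix_rpm=140"  # constructed sample data

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for AES-CTR (assumption)
    blocks = -(-length // 32)  # ceiling division, 32 bytes per block
    return b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, plaintext):
    # Encryption: reversible, but only with the key. Layout: nonce | body | tag
    nonce = os.urandom(16)  # fresh for every message
    body = _xor(plaintext, _keystream(_prf(key, b"enc"), nonce, len(plaintext)))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)  # encrypt-then-MAC

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    # Check the tag first: a wrong key or a modified blob is rejected outright
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(body, _keystream(_prf(key, b"enc"), nonce, len(body)))

def fingerprint(data):
    # Hashing: fixed-size digest, no key, no function that returns the input
    return hashlib.sha256(data).hexdigest()

def obfuscate(data):
    # Obfuscation: byte reversal plus Base64; no secret is involved
    return base64.b64encode(data[::-1])

def deobfuscate(data):
    # Anyone who recognises the scheme can undo it without any key
    return base64.b64decode(data)[::-1]

if __name__ == "__main__":
    key = os.urandom(32)
    blob = encrypt(key, RECIPE)
    print("encrypted  :", blob.hex()[:48], "...")
    print("decrypted  :", decrypt(key, blob))
    print("hash       :", fingerprint(RECIPE))
    print("hash (edit):", fingerprint(RECIPE.replace(b"72.5", b"92.5")))
    print("obfuscated :", obfuscate(RECIPE), "->", deobfuscate(obfuscate(RECIPE)))
```
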
🔐 Security considerations
- Encrypted communication limits the risk of eavesdropping (sniffing)
- Key management is critical: use PKI, HSM or central vaults
- Legacy OT equipment may not support encryption
- Watch latency and CPU load in real-time applications
- Combine with access control and authentication for full protection
Encryption is effective, but only when key management is in order.
📌 In summary
Encryption protects industrial systems and data against unauthorised access, and is a fundamental layer in any OT security model. It must be applied carefully in combination with other security measures.
