By NHI Mgmt Group Editorial Team
Published 2025-09-30
Domain: Workload Identity
Source: DigiCert

TL;DR: Industrial IoT growth expands the attack surface because connected machines, sensors, and proprietary controllers still depend on uneven authentication, legacy protocols, and fragile supply chain controls, according to DigiCert. The security problem is not connectivity itself but the identity and trust model built around it.


At a glance

What this is: This is a DigiCert analysis of why industrial IoT adoption creates security, implementation, and supply chain integrity challenges for connected machines.

Why it matters: It matters because IAM, PKI, and security teams must govern device identity and remote access consistently across NHI, autonomous, and human-operated environments.

By the numbers:



Context

Industrial IoT links manufacturing assets, sensors, and control systems so data can be collected and production can be monitored in real time. The security challenge is that many connected environments still mix Internet-enabled devices with proprietary controllers that were not designed for modern trust assumptions, authentication, or remote administration.

For identity and access programmes, the issue is broader than device hardening. Connected machines depend on certificates, authenticated communication, and supply chain integrity, while plant operators also need to control who can reach those assets remotely and under what assurance level. That makes IIoT an identity governance problem as much as an operational technology problem.


Key questions

Q: How should security teams govern identity for industrial IoT devices?

A: Security teams should govern industrial IoT identity by treating each device as a managed non-human identity with a defined certificate, ownership, and lifecycle. The practical goal is to ensure devices can prove who they are, communicate securely, and be revoked when they are retired, compromised, or transferred.

Q: Why do legacy industrial controllers create security risk in connected factories?

A: Legacy industrial controllers create risk because many were designed for isolated networks and cannot participate cleanly in modern authentication, logging, or policy enforcement. That forces exceptions into the security model and makes remote access harder to govern consistently across the plant.

Q: How can organisations tell whether their IIoT trust model is working?

A: A workable IIoT trust model produces clear answers to three questions: which assets have verifiable identities, who can remotely control them, and how trust is revoked when a device changes state. If any of those answers are unclear, governance is fragmented and assurance is incomplete.

Q: What is the difference between device authentication and device authorisation in IIoT?

A: Device authentication proves that a machine, sensor, or controller is genuine. Device authorisation determines what that device is allowed to do once trusted. Industrial environments need both, because a verified device may still need tightly scoped permissions to limit production risk.


Technical breakdown

Why proprietary device protocols complicate industrial trust

Industrial IoT environments often combine modern connected devices with older controllers that speak proprietary protocols. That creates uneven trust boundaries because not every asset can participate in the same authentication, logging, or policy enforcement model. If a device cannot prove its identity consistently, remote access becomes a policy exception rather than a governed control. PKI helps close part of that gap by giving devices cryptographic identities and validating communication, but only when certificate issuance and validation are integrated into the operational environment.

Practical implication: inventory which plant assets cannot support certificate-based identity and treat them as governance exceptions, not normal endpoints.

How PKI supports device identity and authenticated communication

PKI gives industrial devices a verifiable identity through certificates, allowing systems to authenticate machines before data is exchanged. In IIoT, that matters because the goal is not just encryption. It is proving that the right device, sensor, or controller is talking to the right system at the right time. This aligns with identity proofing and higher assurance access patterns familiar to IAM teams, but applied to non-human assets that operate continuously and at scale.

Practical implication: bind certificate lifecycle management to device onboarding, renewal, and revocation workflows so trust does not outlive the asset.
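As an added illustration of binding certificate validation to the asset lifecycle (example code written for this post, not DigiCert's or NHIMG's own), the following Go program uses only the standard library to stand up a plant CA, issue a device certificate, and admit a device only when the certificate chains to the CA, is inside its validity window, and the asset inventory still lists it as in service. The CA and device names, the serial-keyed inventory and the state labels ("onboarded", "retired", and so on) are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues tmpl under parent (self-signed when parent == tmpl); fixture code, so it panics on error.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert
}

// BuildPlantPKI stands up an assumed plant CA and issues one device certificate valid for life (names are constructed).
func BuildPlantPKI(now time.Time, life time.Duration) (*x509.CertPool, *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 keygen with rand.Reader does not fail in practice
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Plant Device CA"}, NotBefore: now, NotAfter: now.Add(10 * life), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	devTmpl := &x509.Certificate{SerialNumber: big.NewInt(4711), Subject: pkix.Name{CommonName: "plc-line3-001"}, NotBefore: now, NotAfter: now.Add(life), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	ca := sign(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return roots, sign(devTmpl, ca, &devKey.PublicKey, caKey)
}

// AdmitDevice authenticates the device (chain, validity window, client-auth usage), then checks the serial-keyed inventory so trust does not outlive the asset; what an admitted device may do is a separate authorisation decision.
func AdmitDevice(dev *x509.Certificate, roots *x509.CertPool, inventory map[string]string, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := dev.Verify(opts); err != nil {
		return fmt.Errorf("authentication failed: %w", err) // unknown issuer, expired, or wrong usage
	}
	state, registered := inventory[dev.SerialNumber.String()]
	if !registered {
		return fmt.Errorf("serial %v authenticated but absent from inventory: governance exception", dev.SerialNumber)
	}
	if state != "onboarded" {
		return fmt.Errorf("serial %v certificate still valid but asset state is %q", dev.SerialNumber, state)
	}
	return nil
}
```

Retiring or transferring a device is then an inventory state change that takes effect immediately, rather than waiting for certificate expiry; in production the inventory lookup sits beside CRL or OCSP checking and the asset register, not in place of them.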

Why supply chain integrity is part of industrial identity governance

Industrial devices are only as trustworthy as the hardware, software, and firmware chain that produced them. DigiCert’s point is that manufacturers and adopters need transparency and standardisation so buyers can verify what is included in a device before it enters production. That is an identity question because trust in a device is established long before runtime access begins. If the supply chain is opaque, downstream authentication controls start from an uncertain baseline.

Practical implication: require provenance and attestation evidence in procurement and onboarding so device trust is established before production deployment.


NHI Mgmt Group analysis

Industrial IoT exposes a device identity problem, not just a connectivity problem. When production assets move from isolated control networks into connected enterprise environments, the trust model changes faster than most governance programmes do. Authentication, certificate management, and remote access policy must now cover machines, sensors, and controllers that were never built for the same assurance expectations as human users. Practitioners should treat device identity as a first-class governance domain.

PKI remains the practical bridge between legacy industrial systems and modern access control. Certificates do more than encrypt traffic. They give security teams a way to authenticate devices, validate communications, and create a repeatable trust anchor across distributed plants and supplier environments. The limitation is not the concept of PKI, but whether certificate lifecycle management is embedded into operational processes rather than bolted on after deployment. Practitioners should align certificate governance with device onboarding, renewal, and revocation.

Supply chain integrity is part of identity assurance for industrial environments. A device that arrives with opaque hardware, unverified firmware, or unknown software dependencies starts with weakened trust regardless of how strong later access controls may be. That is why industrial security cannot stop at network segmentation or endpoint controls. Practitioners should require provenance evidence as part of trust establishment, because identity without supply chain assurance is incomplete.

Operational technology teams and identity teams need a shared control model for IIoT. Manufacturing security has historically lived apart from IAM, but connected devices now depend on the same discipline of proof, policy, and lifecycle governance. The failure mode is fragmented ownership, where device identity is assumed to be an engineering detail and remote access is handled as an exception. Practitioners should unify PKI, access governance, and procurement review under one governance model.

Certified trust becomes more important as IIoT scales. The more devices, plants, suppliers, and remote users you connect, the more any ambiguity in device identity multiplies across production. That makes governance less about one-time implementation and more about sustained assurance across the asset lifecycle. Practitioners should build programmes that can verify trust continuously instead of only at deployment.

From our research:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, showing how little inventory many programmes can actually trust.
  • For lifecycle discipline in connected environments, the NHI Lifecycle Management Guide is the right next resource for provisioning, rotation, and offboarding patterns.

What this signals

Device identity will become a board-level industrial control issue. As factories connect more assets, the question is no longer whether a device can transmit data but whether its identity can be trusted across procurement, deployment, and revocation. Teams that separate PKI from lifecycle governance will accumulate silent exceptions that are hard to audit and harder to retire.

The strategic signal for practitioners is convergence. Industrial environments are pulling IAM, PKI, and supply chain assurance into one trust model, because verified communication without provenance is incomplete. The organisations that build that model now will be better positioned to scale remote operations without expanding unmanaged access.

Industrial trust debt: this is the accumulation of devices that were brought online faster than their identity controls could be standardised. Once trust debt builds, remediation becomes a fleet problem rather than a device problem, so security leaders should measure how many assets still depend on manual exceptions.


For practitioners

  • Map every industrial asset to an identity control model: Classify each connected machine, sensor, and controller by whether it can support certificates, logging, and revocation. Separate fully governed assets from legacy exceptions so remote access and monitoring rules reflect actual capability.
  • Tie certificate lifecycle to device lifecycle: Connect issuance, renewal, and revocation to onboarding and decommissioning workflows so device trust does not persist after a unit is retired or replaced. Use the NHI Lifecycle Management Guide as the governance reference for lifecycle discipline.
  • Require provenance evidence before production deployment: Ask suppliers for firmware, hardware, and software provenance details during procurement and acceptance testing. Treat missing attestation as a supply chain risk, not just a documentation gap.
  • Define remote access rules for plant operators separately from device trust: Distinguish between authenticating a device and authorising a person to control it. Apply stronger assurance for remote access to production systems, using NIST SP 800-63 Digital Identity Guidelines where human authentication is involved.

Key takeaways

  • Industrial IoT security depends on proving device identity, not just connecting machines.
  • PKI and certificate lifecycle management are central controls when manufacturing assets must be trusted remotely.
  • Supply chain transparency is part of identity assurance, because device trust begins before deployment.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Device certificates and rotation map to lifecycle control for non-human identities.
NIST CSF 2.0 | PR.AC-1 | Industrial access must prove identity before granting communication or remote control.
NIST Zero Trust (SP 800-207) | AC-2 | Zero Trust requires continuous verification of connected machines and remote operators.

Inventory IIoT certificates and automate renewal, revocation, and ownership tracking across the fleet.


Key terms

  • Industrial Internet of Things: Industrial Internet of Things refers to connected sensors, machines, and control systems used in manufacturing and other production environments. Unlike consumer IoT, IIoT is tightly tied to operational reliability, safety, and uptime, so identity, access, and device trust become part of production governance.
  • Device Identity: Device identity is the set of controls that lets a machine or sensor prove who it is before exchanging data or accepting commands. In industrial environments, this is usually implemented with certificates, ownership records, and lifecycle controls that make trust measurable and revocable.
  • Public Key Infrastructure: Public Key Infrastructure is the trust framework that issues, validates, and revokes digital certificates for devices and users. In IIoT, PKI allows machines to authenticate each other and to encrypt communication, but it only works when certificate lifecycle management is consistently maintained.
  • Supply Chain Integrity: Supply chain integrity is the assurance that hardware, firmware, and software entering an environment are authentic and unaltered. For industrial systems, it is a trust prerequisite because a device with weak provenance undermines later authentication and access controls, even if those controls are technically sound.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by DigiCert: Three Challenges for the Industrial IoT. Read the original.
