In networked agricultural machinery, digital identities offer new possibilities for secure communication. Trusted digital identities from a public key infrastructure (PKI) protect against manipulation and enable efficient lifecycle management and long-term protection against unauthorized access.
The challenge: Trust in networked agriculture
Agriculture has long been digitalized. Modern agricultural machinery is networked with back-end systems, evaluates operating and field data, receives over-the-air updates and there are plans for machines from different manufacturers to communicate with each other. As in other areas of the economy, measures to increase cyber security are therefore necessary.
Networking considerably increases the attack surface for unauthorized access and manipulation. A key challenge is establishing a relationship of trust between the communication partners and the digital identity required for this. The secure way is to use digital certificates from a public key infrastructure (PKI). This allows the trustworthiness of the communication partner to be checked, ensuring that only authorized devices can interact. Without appropriate security solutions, data can be falsified and machine functions can be manipulated. One example is the unauthorized remote control of an agricultural machine.
In addition, the increasing number of networked machines requires efficient lifecycle management in order to keep certificates and identities up to date over the entire period of use. Manual processes are error-prone and time-consuming. They would slow down operations considerably, as staff would be tied up with constant maintenance, failed certificate renewals or control tasks.
The solution: PKI as the basis for secure machine communication
Together with its IoT partner secunet Security Networks AG, agricultural machinery manufacturer CLAAS has developed and established a secure and efficient PKI that helps to protect networked agricultural machinery from unauthorized access and other possible attacks. This involved jointly defining concepts and processes, as well as configuring and implementing the technical solution.
The CLAAS application is based on secunet’s “eID PKI Suite” software solution, which automatically generates digital identities as X.509 certificates for machines. A PKI is based on asymmetric cryptography, which uses a pair of corresponding keys. This involves a so-called public key, which is accessible to everyone, and a private key, which is kept secret and remains on the machine. The public key is used to encrypt data or verify digital signatures, while the private key decrypts data or generates signatures.
The “eID PKI Suite” from secunet is used on-premises at CLAAS to retain full control over the keys. The solution is based on hardware security modules that guarantee the highest level of trustworthiness. During production, the PKI generates an individual certificate for each agricultural machine, which is linked to the serial number. This gives them a “birth certificate” that uniquely confirms their identity and links the public key to the machine. This enables an exact mapping between the physical device and its digital identity, allowing networked agricultural machines to communicate securely with each other and the backend. Crucially, the suite supports standardized processes and protocols, ensuring automation, security, scalability, and transparency.
Communication and fleet management
To enhance both secure communication and fleet management, CLAAS integrates its PKI solution into platforms like CLAAS connect. It provides protected data and enables analyses that help farmers make better decisions. The solution meets legal requirements through GDPR-compliant data collection. This allows stakeholders to securely manage precise telemetry data, GPS information, harvest data, and other sensor data.
Secunet’s solution is suitable for various industries, such as automotive and smart metering.
The result: Long-term stability and efficiency
A public key infrastructure (PKI) from secunet offers a scalable and future-proof solution for digital agriculture and other sectors of the economy. Machines can be reliably authenticated via certificates from the PKI, making unauthorized interference more difficult and preventing costly manipulations. Building a PKI with secunet consists of the customizable software solution “eID PKI Suite”, along with tailored processes and concepts.
This opens up new possibilities, such as proactive spare parts provisioning, more precise harvest control, and comprehensive analyses to optimize agricultural processes and improve efficiency.
Standardizing these processes also facilitates future cross-manufacturer collaboration. In the long term, this paves the way for a connected ecosystem where machines from different manufacturers can securely and seamlessly work together.
