A Lesson From The Death Star on PKI Protection

As more enterprises implement their own internal Public Key Infrastructure (PKI) to save money on purchasing an increasing volume of digital certificates, the need for tools to centralize, monitor and manage certificates across all issuing sources continues to be critical. One common tool is certificate management software.

While certificate management software certainly helps organizations evolve from the stone ages of manually documenting certificate details in a spreadsheet, many certificate management applications only scratch the surface of what enterprises really need. In other words, while managing certificates is critical to prevent outages and breaches, stand-alone certificate management software is not light years ahead of platforms that do more to improve IT and security team efficiency and help organizations meet regulatory and audit compliance requirements.

Organizations need solutions to monitor, manage and protect not only certificates, but also the critical backbone PKI environment upon which certificate trust is derived. Protecting the critical infrastructure that powers certificate trust is crucial.

With a PKI environment as the cornerstone for issuing and managing certificates from an internal Certificate Authority (CA), enterprises need a wider breadth of PKI management tools to protect and control that trusted environment. While the keystrokes involved in standing up a CA may seem simple, the infrastructure serving as the base of assured trust for the CA and its issued certificates is an intricate PKI – comprised of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke each certificate.

The system must be designed, deployed, monitored and maintained with the goals of assuring the intended level of security needed for specific use cases. One vulnerability, one procedure overlooked, one policy ignored, and a CA may no longer be trusted, along with any certificates issued from it.

Thank you Wookiepedia

Star Wars Episode IV introduced us to the construction of the Galactic Empire’s first Death Star. Built as the Empire’s key to supremacy, the Death Star was a giant mobile deep space battle station and destroyer of planets. Security features included a host of high-tech protections, including a Quadanium steel hull, 758 tractor beams, 15,000 turbolaser cannons, 300K+ Imperial military members and 25K+ Stormtroopers, not to mention a superlaser capable of destroying an entire planet.

At a size of over 74.56 miles in diameter with 357 internal levels, costing over 1,000,000,000,000 galactic credits and housing over 2 million beings, the Death Star was a HUGE attack vector and a valuable target for the Rebel Alliance to destroy, ensuring their survival against the evil Empire.

Despite all its protections, the Death Star had vulnerabilities. The plans were stolen and a small exhaust port was overlooked – a port that lead to the main reactor. Luke Skywalker shot torpedoes up that port, blowing up the main reactor and causing a chain reaction that destroyed the Galactic Empire’s superweapon. The Death Star’s destruction would not have been possible without access (stolen plans) and a vulnerability (the exhaust port). Granted, the Rebel Alliance was actually the “good guy” in this example, the Alliance had the same motivation that malicious actors often have – gain access, locate the vulnerability and attack something of value.

Imagine the Death Star as a PKI environment, with each of its features (tractor beams, turbo laser cannons, military presence or exhaust ports) representing one of the PKI elements (hardware, software, people, policy or procedures). Also imagine the Death Star exhaust port is a PKI procedure and the hypermatter reactors are certificates. Access to the exhaust port (PKI procedure), then ultimately the reactor (certificate), could be detrimental to the whole environment (PKI).

Now let’s make the shift from sci-fi to business. While the Imperial Military was watching most of their Death Star features, it was not monitoring and protecting the larger environment which resulted in collapse. It’s not enough to only make sure the turbo laser cannons and tractor beams are protected and working. All the features, including sensitive access points, have to be protected as well. The same applies for a PKI environment. Not only could certificates cause an outage or breach, but other PKI elements could allow for a security vulnerability. Monitoring the entire PKI environment – including certificates – helps reduce the available attack vectors. A trusted PKI needs multiple tools for monitoring and protection.

Together, the PKI elements as a whole offer stronger protection than a single element. When considering certificate management software, enterprises should look at use case much bigger than just managing certificates. How will the tool monitor and manage certificates across multiple CAs and use cases? How does it help monitor PKI processes, policies, and procedures? How does it enable security compliance reporting?

The ability to monitor and report on the status and health of all PKI elements over time – beyond just certificates – improves security efficiency and protects organizations with ongoing threat intelligence and compliance documentation. We urge companies to think bigger. Consider a platform of tools and services that allow not just for the management of certificates, but also for the control over the entire Public Key Infrastructure.