
CISA Confirms What We Already Knew: OT Can’t Authenticate

AKMSecure · Mar 19, 2026 · 11 min read

In February 2026, CISA and partners — including the NSA, Rockwell Automation, Schneider Electric, and the OPC Foundation — published a report that should be required reading for every OT security leader: “Barriers to Secure OT Communication: Why Johnny Can’t Authenticate.” The title nods to the seminal 1999 paper “Why Johnny Can’t Encrypt,” which demonstrated that a technical solution’s maturity is irrelevant if the target audience cannot practically use it. Twenty-seven years later, CISA found the same problem in OT — at industrial scale.

What CISA Found

CISA conducted voice-of-customer research across asset owners and operators in five critical infrastructure sectors: Water and Wastewater Systems, Transportation Systems, Chemical, Energy, and Food and Agriculture. The research used individual and group interviews to trace the operator journey from initial motivation through procurement, design, deployment, and operations.

The core finding: secure variants of industrial protocols — DNP3 to DNP3-SAv5, CIP to CIP Security, Modbus to Modbus Security, OPC DA to OPC UA — have existed since the early 2000s. Many OT systems built in 2026 still rely on legacy protocol implementations with no integrity protections, no authentication, and no data protection. Adoption remains minimal after two decades.

CISA identified three barrier categories that explain this failure: cost, availability concerns, and PKI difficulties. All three trace back to the same root cause.

Barrier 1: Cost That Outweighs Perceived Risk

Operators told CISA that upgrading a component to support secure communications can cost as much as the original equipment. OT vendors charge licensing fees to enable secure protocol variants that are already built into the product. Faced with these costs, CISA found that many asset owners chose segmentation and continuous monitoring instead — controls they perceived as having comparable security benefits with more predictable costs.

The cost problem compounds throughout the lifecycle. Organizations must budget for retrofitting legacy infrastructure, upgrading hardware to support cryptographic operations, integrating certificate management practices, training personnel, handling more complex field operations, and maintaining compliance with evolving standards. For an industry running devices on 15–20 year lifecycles, these recurring costs erode any ROI case for secure communications.

Barrier 2: Security Seen as a Threat to Availability

The most revealing finding: OT operators view secure communications as a risk to operational availability, not a protection of it. Prior poor experiences with security solutions had a long-term negative effect on operators’ willingness to try new approaches.

Latency is a concrete concern. IEC 61850 mandates a maximum 3-millisecond end-to-end delay for Type 1A protection messages. PKI authentication takes 300–700ms. If the time spent signing and verifying messages pushes delivery past that threshold, the security mechanism itself causes operational failure.

Observability is another barrier. Operators assumed that secure communication means all traffic is encrypted, which complicates debugging and security monitoring. CISA clarified that signing (integrity and authentication) can be applied without encryption — but the confusion itself reveals how poorly the industry understands the available options.
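As an added illustration of the signing-without-encryption point (example code written for this article, not from the CISA report or from AKM): a pre-shared-key HMAC tag gives the receiving device integrity, origin and replay checks, while the command itself stays readable to a passive network monitor that holds no key. The key, frame layout and command text are constructed for the example.

```python
import hmac
import hashlib
import struct

# Constructed 16-byte pre-shared key; in a real deployment this would be provisioned per device.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TAG_LEN = 16                    # truncated HMAC-SHA-256 tag appended to each frame
HEADER = struct.Struct(">HI")   # constructed layout: 16-bit device id, 32-bit sequence number


def sign_message(key: bytes, device_id: int, seq: int, payload: bytes) -> bytes:
    """Authenticate a control message without encrypting it: header + cleartext payload + tag."""
    header = HEADER.pack(device_id, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def inspect_cleartext(frame: bytes) -> bytes:
    """What a keyless monitor (IDS, protocol debugger) can still read from a signed frame."""
    return frame[HEADER.size:-TAG_LEN]


def verify_message(key: bytes, frame: bytes, last_seq: dict) -> tuple:
    """Return (payload, "ok") or (None, reason).

    last_seq maps device_id -> highest sequence number accepted so far, so a
    captured frame cannot be replayed to re-issue a command.
    """
    if len(frame) < HEADER.size + TAG_LEN:
        return None, "short frame"
    header = frame[:HEADER.size]
    body = frame[HEADER.size:-TAG_LEN]
    tag = frame[-TAG_LEN:]
    device_id, seq = HEADER.unpack(header)
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison: a tampered payload or forged tag fails here.
    if not hmac.compare_digest(tag, expected):
        return None, "bad tag"
    if seq <= last_seq.get(device_id, -1):
        return None, "replayed or stale sequence"
    last_seq[device_id] = seq
    return body, "ok"


if __name__ == "__main__":
    state = {}
    frame = sign_message(KEY, 7, 1, b"OPERATE CROB point=3 TRIP")
    print("monitor sees:", inspect_cleartext(frame))
    print("receiver result:", verify_message(KEY, frame, state)[1])
```

The monitor reads the command text directly, so packet-level debugging and detection keep working; only the tag, not the payload, depends on the key.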

Barrier 3: PKI Difficulties Dissuade Operators

This is the section that validates everything AKM was built to solve. CISA states directly: almost every operator interviewed mentioned challenges with deploying and maintaining PKI. For an industry being told to adopt Zero Trust architectures, this is a fundamental problem — you cannot build Zero Trust on an infrastructure that operators cannot deploy or maintain.

Deployment Complexity

Initial key provisioning requires operators to configure a certificate manager, create certificates, and deploy them to each component. Many operators said they needed a system integrator or managed service provider for these activities — an external dependency before a single packet is authenticated. The level of automation varies by protocol version, with newer implementations like DNP3-SAv5 and DNP3-SL offering some improvement, but the fundamental dependency on PKI infrastructure remains.

Operational Complexity

Field-level secure communication operates in a responsibility gray zone. OT operators manage PLCs, RTUs, sensors, and actuators. IT security teams manage the PKI infrastructure and higher-level network. Neither group has full ownership of certificate lifecycle operations at the device level. CISA found that operators who succeeded used commercial or no-cost software to automate key management — an admission that PKI’s manual overhead is operationally unsustainable.

The Expired Certificate Problem

This finding captures the absurdity of PKI in OT. Operators raised a critical question: what happens when a certificate expires on a safety-critical device? A protection command could be erroneously dropped because the source component’s certificate expired. CISA documents that one approach operators use is to simply not check whether certificates are expired — effectively allowing certificates to never expire. CISA acknowledges this is not best practice but calls it an intermediary solution. When the recommended workaround for a security architecture is to disable its core security mechanism, the architecture is broken.

Connectivity Risks

One operator perceived PKI as requiring them to break air-gapped segmentation, because the certificate authority must be centralized, forcing bidirectional communication from the field. This is not a misunderstanding. It is an accurate description of PKI’s operational requirement — and a direct conflict with the isolation that OT environments depend on for safety.

The Post-Quantum Complication

CISA’s report includes a section on post-quantum cryptography that reinforces the case against PKI in OT. PQC adoption suffers from the same barriers: if the technology is difficult to use, costly, or prone to causing downtime, it will not be adopted. Worse, PQC’s larger key sizes will significantly increase network utilization during key exchange — exacerbating the latency and bandwidth constraints already blocking adoption on older OT infrastructure.

CISA emphasizes crypto-agility as the solution: systems that can replace and adapt cryptographic algorithms over time. But in a PKI architecture, crypto-agility means replacing hardware, updating firmware, and reissuing certificates across every device. In AKM’s symmetric-key architecture, crypto-agility is native. The protocol is quantum-secure today without post-quantum bolt-ons.

What CISA’s Recommendations Miss

CISA recommends that operators utilize signing on all OT communications, apply encryption selectively for sensitive data, search for products with crypto-agility, and seek vendor solutions that simplify secure workflows. For manufacturers, CISA recommends including secure communication by default, building systems with crypto-agility, and being transparent about infrastructure costs.

These are reasonable recommendations within the current paradigm. But the current paradigm is the problem. Every recommendation assumes PKI as the underlying implementation. Better planning does not eliminate the certificate lifecycle. Phased adoption does not reduce PKI’s connectivity requirements. Improved vendor coordination does not fix the staffing gap between OT and IT teams. And none of it delivers true Zero Trust — the ability to verify every session independently with no implicit trust between devices. CISA’s own interviewees confirmed that operators who found success automated their key management and prioritized systems that are difficult to access. That is not PKI. That is autonomous key management.

What OT Actually Needs

CISA’s report makes the requirements clear, even if it stops short of naming the solution. OT environments need authentication that is autonomous, lightweight, independent of certificate authority infrastructure, air-gap capable, and resilient to cryptographic evolution. They need Zero Trust at the protocol layer — where every session is independently verified and no device is implicitly trusted. AKM was purpose-built for every one of these requirements:

  • No certificates to manage, expire, or revoke. Dynamic symmetric keys rotate continuously and autonomously. The lifecycle CISA identified as the primary barrier does not exist.
  • Sub-50kb embedded executable. AKM deploys directly onto constrained PLCs, RTUs, and ICS devices. No hardware upgrades required. No vendor licensing fees for secure protocol activation.
  • Provision once, runs forever. No human intervention post-setup. No staffing gap between OT and IT because there is no ongoing certificate operation to staff.
  • Air-gapped by design. AKM operates without broader network connectivity — no CA dependency, no forced bidirectional communication from the field.
  • Sub-millisecond handshake. AKM completes authentication in under 1ms versus PKI’s 300–700ms. For IEC 61850 environments requiring 3ms end-to-end, PKI is mathematically disqualified. AKM is not.
  • Zero Trust by design. Every session is independently verified. No persistent credentials. No implicit trust between devices. Dynamic keys rotate continuously, eliminating credential theft and lateral movement — the exact Zero Trust architecture that federal mandates require and that PKI cannot deliver in OT.
  • Quantum-secure by architecture. Symmetric-key cryptography is natively immune to quantum attack. No post-quantum migration, no larger key sizes, no increased network utilization.

The Data Is In

CISA’s report references the Industroyer attack on Ukraine’s power grid, noting it could have been detected and prevented through authenticated OT communication. The technology existed. The deployment model didn’t. That gap — between what is technically possible and what is practically deployable — is exactly what CISA’s 17 pages document.

The cost comparison reinforces the point. AKM’s total cost of ownership runs roughly 25% of what a comparable PKI deployment costs over the same lifecycle. The savings compound precisely because AKM eliminates the manual, recurring certificate burden that CISA identified as the core barrier — no certificate managers, no integrator contracts, no annual renewal cycles.

Twenty-plus years of available secure protocols. Twenty-plus years of minimal adoption. Five critical infrastructure sectors confirming the same barriers. The question is no longer why Johnny can’t authenticate. It’s why we’re still handing him the wrong tool.

AKM is a patented Autonomous Key Management™ protocol that replaces outdated PKI with a quantum-secure, air-gapped-capable architecture using dynamic, self-managing credentials — eliminating the key-compromise breaches that PKI makes inevitable. AKM enforces Zero Trust by verifying every session independently, leaving no persistent credentials to steal and no standing privileges to exploit. Built to NSA standards for resilient cybersecurity, AKM deploys as a lightweight SDK into existing software and hardware — replacing PKI in enterprise IT or delivering encryption to OT endpoints where PKI was never viable. Its crypto-agile pipeline generates unlimited key material from a single seed and self-heals automatically, ensuring continuous operations without human intervention.

