Security platforms for industrial IoT devices

T his new approach starts by moving data acquisition and processing capabilities closer to the process, which allows for timely reaction to critical events, effective data reduction and secure distribution of information. Moving intelligence closer to the process is becoming more feasible with the increase in low cost intelligent systems that incorporate processing elements for control and data aggregation operations. However, distributing processing capabilities also presents considerable challenges in the areas of security, communications, device management, power efficiency and more.

Initiatives such as the Industrial Internet of Things (IIoT) and Industry 4.0 aim to provide best practices and recommendations to address these challenges with platforms and standards. Platforms and standards can help achieve interoperability and connectivity among multiple existing and emerging technologies. Cyber security is one of the key pillars for the creation of IIoT distributed architectures.

Above: an example of a heterogeneous computing architecture

Unfortunately, developers often overlook cyber security in the industrial sector either because of cost, design prioritisation or lack of experience. The cyber security of industrial automation devices has historically been relegated to isolated networks and weak, proprietary variants of security features. The 2010 Stuxnet attack exposed the true vulnerability of these systems, demonstrated how much damage an industrial breach can cause, and publicly positioned industrial applications as potential targets. The IIoT shift from isolated industrial networks to more open communication channels has led to even wider exposure for industrial systems.

Areas at risk

Wind turbines, nuclear plants, oil and gas pipelines, and similar industrial assets are now the target of government and hacktivist groups that exploit vulnerabilities in industrial devices. The most recent industrial incident with physical damage involved an unnamed German steel mill in 2014. This is only the second confirmed case in which a wholly digital attack caused the physical destruction of equipment and raised questions about the cyber security readiness of the industrial sector for IIoT markets.

The attack trend is only increasing. The US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) estimates that attacks on US industrial targets climbed from 41 in 2010 to 198 in 2011 and 245 in 2014. As this trend continues, considering a different approach to introduce cyber security concepts is paramount from the early stages of embedded device design to prevent, mitigate and predict attacks, targeting highly sensitive industrial operations.

Thus, the integration of a core set of cyber security features within a flexible, powerful development platform is a must for IIoT applications to become a reality. By using standardised platforms, domain experts and automation engineers can fully integrate cyber security features as part of the embedded device design cycle.

In the core of these platforms, a heterogeneous computing architecture provides the right amount of processing power and flexibility to accommodate the needs of different measurement and control applications. One example is hardware architectures that combine general purpose processors and reprogrammable elements such as field programmable gate arrays (FPGAs). The openness and flexibility of Linux with real time extensions, when paired with this type of hardware architecture, make the resulting platform compelling. Security features such as mandatory access control, virtual private networks and firewalls can be embedded within the device, which prevents the need for additional external hardware such as gateways.

Time to standardize

A flexible platform with support for standardised, open cyber security technologies would greatly reduce the expertise needed to develop IIoT applications while increasing security in industrial systems. The key to making this platform useful for the IIoT is integrating the right cyber security features so applications can automatically benefit from them. Unfortunately, a widely applicable cyber security standard for the IIoT is still incomplete and immature. Until this standard is ready, designers must look for commonality among existing related standards and fill in any gaps for an integrated solution. A set of widely agreed upon cyber security features is possible with the Linux technology available today.

Above: an example of industrial IoT distributed architecture for a smart grid application

The realisation of the IIoT as a feasible approach for making industrial processes more efficient requires using platforms and standards. A platform-based approach is essential to enable embedded designers with development frameworks flexible enough to meet the requirements of multiple application areas. The cyber security aspect of these applications should not be treated differently. A platform capable of enabling a core set of security requirements that are common across multiple application areas is a first step toward cyber security best practices standardisation for the IIoT.

Cyber security features must be fully integrated into development frameworks to be of use to domain experts and embedded engineers unfamiliar with cyber security. A commercially available heterogeneous computing architecture paired with an open, flexible OS such as Linux provides the elements for a development platform that meets the IIoT’s cyber security needs. An approach to this kind of platform is presented as part of the embedded world 2016 paper ‘Security for Industrial IoT Embedded Devices: A Linux Platform-based Approach’.