Accelerate Industry 4.0 by Extending the Secure ICS Edge
December 20, 2018
Business leaders find it hard to understand ICS cybersecurity because of its complexity. Furthermore, engineers developing ICS solutions haven't seen significant requirements at the device level.
Cyber security in industrial control systems (ICS) is poised to delay the adoption of Industry 4.0. Many business leaders find it hard to understand ICS cyber security challenges as there are many factors contributing to their complexity. Furthermore, the engineers developing ICS solutions have likely not seen significant cyber security requirements at the device level.
Traditional methods for securing industrial control systems have relied on limiting access to networks and devices, and monitoring network traffic through information technology (IT) solutions. A product lead working on devices in a factory will find it easy to dismiss cyber security as an IT problem. However, the traditional methods for securing industrial control systems will no longer be sufficient as Industry 4.0 looms on the horizon.
The challenges of ICS cyber security will ultimately delay the adoption of Industry 4.0 if companies don’t have a strategy to address device security at the Edge. To adopt and capitalize on Industry 4.0, cyber security must be a critical part of the business plan.
Although the industrial market has traditionally been slow to change, the adoption of Industry 4.0 has occurred at a pace that exceeds expectations. With these changes, cyber security is becoming one of the most challenging obstacles to the adoption of Industry 4.0. ICS cyber security standards and guidelines are in place or being established to secure the factory, but they don’t provide guidance on how to accelerate Industry 4.0 initiatives.
1. Edge devices require transition to adopt for Industry 4.0
There is a reason why Industry 4.0 is changing the ICS cyber security problem. The very nature of Industry 4.0 is to increase access and control of the devices in the factory. This means increased access to the data to expand transparency, reduced network planning, lower CapEx and OpEx, improved bandwidth, and optimized machine interworking. Increasing access and control means that the factory’s cyber security risk assessment is changing. ICS cyber security solutions must adapt to address the changing risk, and traditional countermeasures applied to the system, such as firewalls and placing a device behind a locked door, are counterintuitive to Industry 4.0 goals. This means devices will need to be security hardened to enable increased functionality in a secure method. Identity and integrity will be at the core of every device in the field to enable trusted data and secure operation.
There are many different standards in the industrial market that provide guidance on implementing ICS security. For example, NIST provides security guidance with U.S. governance. IEC 62443 is a security standard in draft form for the international market with governance in Europe. These are two of the most predominant standards, providing useful guidelines for implementing security and assessing one’s security posture for industrial control systems; however, they don’t provide guidance on how to accelerate the adoption of Industry 4.0. IEC 62443 is currently absent any guidelines for implementing security below the PLC and an ISA99 working group has recently been established to address cyber security at the bottom layers of the factory within the IEC 62443 framework.
Today, to meet a system’s acceptable security posture, countermeasures must be applied to devices that don’t reach a sufficient security level. These countermeasures typically rely on methods like firewalls to limit access and section off or isolate vulnerable devices. In the future, devices will need to reach higher security levels to enable the transition to Industry 4.0.
Analog Devices is positioned to extend the secure edge. The company’s traditional market space is at the physical edge, where the real world is translated into digital signals and data is born. This provides an opportunity to establish trust in data by providing identity and integrity earlier in the signal chain and establishing a new definition of the secure Edge. Traditionally, the secure Edge has originated at gateways, PLCs, or even servers in the ICS security framework.
This view is reminiscent of the traditional IT cyber security view of the factory but it persists throughout the industry. The prospect of driving the secure Edge lower in the signal chain is enticing because it enables higher confidence in the decisions that are being made from that data. The earlier that identity and integrity can be established in the signal chain, the more trust and confidence that can be placed in the data that’s driving decisions.
ICS cyber security can’t be addressed by a one size fits all solution and an in-depth defense approach must be adopted and applied based on the system’s risk assessment. One strategy is to extend the depth of ICS cyber security as Ethernet is adopted at the edge. Enabling Industry 4.0 requires the factory to adopt new connectivity methodologies. This means that Ethernet has taken, and will continue to take, a larger role in industrial control systems.
2. Enabling the highest confidence in decisions: where physical to digital conversion occurs
A sound security strategy is to focus on where there is Ethernet connectivity because this changes the impact any one device on the network. To this end, Analog Devices’ fido5000, RapID Platform provides two-port, multi-protocol connectivity whose security features provide key generation/management, secure boot, secure update, and secure memory access to protect against network bound attacks. Future devices will include single-chip solutions with a hardware root of trust, secure device lifecycle management, secure communications/mutual authentication, and tamper protection.
Erik Halthen, part of ADI’s acquisition of Sypris Electronics, has an extensive background in cyber security solutions. As part of ADI’s cyber security center of excellence, Erik has taken on the role of security systems manager for industrial solutions, focusing on developing security solutions for industrial IoT.