Security for IIoT embedded devices: A platform-based approach
July 13, 2016
The way the industrial world approaches process management and control is changing. The concept of interconnectedness of intelligent devices in the co...
The way the industrial world approaches process management and control is changing. The concept of interconnectedness of intelligent devices in the consumer world is permeating the industrial realm. The resulting interconnected industrial environment is delivering a whole set of benefits – efficiency, safety, and profitability among them. However, while Internet of Things (IoT) concepts can be applied to industrial devices, assets, and infrastructure, the Industrial IoT (IIoT) has much stricter requirements in terms of quality, security, reliability, synchronization, and so on. As such, these systems are more complex and challenging.
The need to move intelligence closer to critical processes has driven the adoption of IoT concepts in the industry, allowing for timely reaction to critical events, effective data reduction, and secure dissemination of information. The increasing availability of low-cost intelligent systems featuring heterogeneous computing architectures for control and data aggregation operations has made this achievable. Such systems do not operate in silos, but rather are part of a system of systems that generate data used to predict situations and make smarter, more informed decisions (Figure 1).
From the architectural point of view, IIoT embedded devices must have compelling processing capabilities to deliver significant results. Heterogeneous computing architectures that encompass a mix of general-purpose processors and massive parallel elements (Figure 2) are suitable for advanced IIoT applications. General-purpose processors provide powerful, stand-alone execution of floating point operations, data logging, and connectivity. And massive parallel elements such as FPGAs and graphics processing units are used to reduce data, customize algorithms, and quickly respond to critical events.
[Figure 2 | Example of heterogeneous computing architectures]
From the security point of view, because IIoT embedded devices operate at the edge, they also represent the last line of defense against attackers. This is often overlooked during the design cycle of such devices because more immediate issues such as lack of domain expertise, implementation costs, and time-to-market constraints relegate security to a secondary plane of importance. Consequently, the 2010 Stuxnet attack exposed the true vulnerability of these systems, demonstrated how much damage an industrial breach can cause, and publicly positioned industrial applications as potential targets.
Wind turbines, nuclear plants, oil and gas pipelines, and similar industrial assets are now the target of government and hacktivist groups that exploit vulnerabilities in industrial devices. The US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) estimates that attacks on US industrial targets climbed from 41 in 2010 to 198 in 2011 and 245 in 2014. As this trend continues, it is paramount to consider a different approach that would introduce cyber security concepts from the early stages of embedded device design to prevent, mitigate, and predict attacks that target highly sensitive industrial operations.
The problem described urges both a change in the way embedded devices are developed and a re-evaluation of security standards applicable to such devices. Integrated development platforms and standardization are required to guarantee seamless implementation of security requirements while maintaining interoperability with other IIoT entities. Initiatives such as the IIoT and Industrie 4.0 provide best practices and recommendations to address these challenges. However, the integration of these recommendations into an open development platform is still a big challenge the industry must overcome.
A flexible platform with support for standardized, open security technologies would greatly reduce the expertise needed to develop IIoT applications while increasing security in industrial systems. The key to making this platform useful for the IIoT is integrating the right security features so applications can automatically benefit from them. Unfortunately, a widely applicable security standard for the IIoT is still incomplete and immature (Figure 3). Until this standard is ready, designers must look for commonality among existing related standards and fill in any gaps for an integrated solution. A set of widely agreed-upon security features is possible today through open technology such as Linux.
[Figure 3 | Proposed core set of security requirements for IIoT embedded devices]
The realization of the IIoT as a feasible approach for making industrial processes more efficient requires using platforms and standards. A platform-based approach is essential to provide embedded designers with development frameworks flexible enough to meet the requirements of multiple application areas. The security aspect of these applications should not be treated differently. A platform that can enable a core set of security requirements common across multiple application areas is a first step toward security best practices standardization for the IIoT. Security features must be fully integrated into development frameworks to be useful to domain experts and embedded engineers unfamiliar with security concepts. Commercially available heterogeneous computing architectures paired with an open, flexible operating system such as Linux (Figure 4) can provide the elements for a development platform that meets the IIoT’s security needs.