Securing the Industrial Internet of Things

Investment in new technology and manufacturing methodologies is being driven by the Industrial Internet of Things (IIoT) as companies rush to capitalize on a predicted 14 trillion dollar economic gain in a wave of new connected devices, which themselves require new, strong security solutions. 


Many small endpoint devices running real-time operating systems perform critical functions in our factories, electric grid, transportation infrastructure and other essential elements of modern society. The viability of the Industrial Internet of Things (IIoT) therefore depends on the security of the endpoints, the network and all of its subsystems. Unfortunately, traditional security solutions do not scale down to the RTOS-based devices that make up the bulk of the IIoT, so new solutions and approaches are required.

The IIoT is being hailed by some as the next great industrial revolution. By some estimates, there are more than 60 million machines in factories worldwide and 90 percent are not connected. It is no surprise that companies are looking at this opportunity to create new connected IIoT systems, not just to reduce costs of operation or eliminate downtime, but to add new solutions and services for new revenue streams. An important area in which the IIoT creates value is the creation of a network of device endpoints: smart, connected sensors and controllers that not only talk to each other, but also monitor and manage a wide range of machines and industrial systems. By combining this connectivity and functionality with analytics, information technologies and operational technologies, owners of industrial plants will obtain major benefits. For example, factories can be designed to adapt in real time to changes during production, or to anticipate and avoid events that might degrade operations.

Additionally, predictive maintenance programs can be implemented to eliminate the downtime or catastrophic consequences caused by unanticipated failures of critical system components. By achieving even small percentage gains in plant operations or reductions in unplanned downtimes, these types of upgrades will dramatically improve the profitability of manufacturing operations. To take full advantage of the improvement opportunities offered by the IIoT, an entire system—from sensors, actuators and motors, up through the controllers—should be connected to information and operational technology systems, and beyond into the cloud. Expanded connectivity will boost efficiencies in operations and integrate the supply chain more tightly and in innovative ways. It will also enable entirely new business models and revenue streams.

Substantial challenges

Although connectivity is the key to unlocking the full potential value of the IIoT, it brings a risk of cyberattacks. When systems are connected to the Internet and larger corporate networks, cyberattacks become possible, even likely, from external and internal sources—whether accidental or malicious. The benefits of the IIoT therefore cannot be achieved without multiple layers of security that successfully protect all the networked systems and devices. Secure communication, secure network monitoring and securing code execution at the device level are essential, not optional. It is critical for system engineers to address security issues at every layer.

Although traditional IT-endpoint security and network-monitoring solutions protect IT business applications, such solutions won’t work for the embedded devices closest to the physical systems. These operational assets must be protected against cyberattacks by integrating security directly into the endpoint devices themselves. Minimizing vulnerabilities requires both specialized security hardware and software. To support enterprise security standards, embedded devices must incorporate the following key features: secure boot code, secure application updates, tightly controlled authentication, and secure communication protocols.
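Two of the key features listed above, secure boot code and secure application updates, come down to the same check: the device refuses any image whose signature does not verify under the vendor key it was provisioned with. The following is an added example written for this article, not code from Renesas or Icon Labs, in Go so it runs stand-alone; the image layout (magic, version, payload, Ed25519 signature), the "IIOT" magic value and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Constructed image layout (an assumption, not any vendor's real format):
// magic "IIOT" | 4-byte big-endian version | payload | 64-byte Ed25519 signature.
var magic = []byte("IIOT")

const hdrLen, sigLen = 8, ed25519.SignatureSize

// BuildImage signs a payload with the vendor's private key. This runs in the build
// pipeline; the private key never exists on the device.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyImage is the check a secure boot loader or updater performs before running or
// installing an image: signature first, using the vendor public key provisioned in the
// device, then an anti-rollback check so a validly signed but older image is refused.
func VerifyImage(pub ed25519.PublicKey, currentVersion uint32, img []byte) (uint32, []byte, error) {
	if len(img) < hdrLen+sigLen {
		return 0, nil, errors.New("image too short")
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, errors.New("signature check failed")
	}
	if string(body[:4]) != string(magic) {
		return 0, nil, errors.New("bad magic")
	}
	version := binary.BigEndian.Uint32(body[4:hdrLen])
	if version < currentVersion {
		return 0, nil, errors.New("rollback to older version rejected")
	}
	return version, body[hdrLen:], nil
}

// KeyPair generates a vendor signing key pair (for the example; real keys live in an HSM).
func KeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
```

Because the signature covers the version field, an attacker cannot downgrade a device by re-labelling an old image, and because only the public key is on the device, extracting it from one unit gives nothing that helps forge images for the rest.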

Categorizing vulnerability

Security in its simplest form entails ensuring that authorized operations and actions are allowed, while unauthorized actions are blocked. Most cyberattacks against embedded devices exploit one of the following categories of vulnerabilities.

Insecure by design: devices that use hard-coded passwords, transmit login credentials in the clear, allow remote accesses without authentication, or have other obvious unprotected interfaces.

Security with significant loopholes: devices with built-in backdoors, which use weak or default passwords, permit plaintext storage or transmission of encryption keys, or have similar vulnerabilities.

Good, but partial security: devices that provide strong security against certain types of attacks, but leave other interfaces unprotected. Prime examples are systems that implement TLS for some but not all communication, and security protocols in which the setup-phase encryption key is exchanged without being encrypted, leaving them open to eavesdropping. Other examples include systems that implement secure communication but lack secure boot, and systems that have a secure operating system but fail to secure the application layer.

Features that are vulnerable to exploitation: devices that have weak encryption, exploitable buffer overflows or zero-day vulnerabilities, or cannot withstand brute-forcing of their authentication mechanisms. The hackers depicted in movies and on TV typically take advantage of these types of deficiencies.

Unfortunately, although it is vitally important to secure networked devices against such vulnerabilities, most currently deployed embedded devices cannot withstand even very basic forms of cyberattack. Ensuring the security of IIoT devices requires addressing all of the issues described above. Ideally, robust designs will include adaptable security policy management and the ability to securely update firmware to protect against new types of attacks as they emerge.

System and device complexity

The Industrial Internet of Things encompasses a wildly diverse range of connected devices and systems: from small to large, simple to complex. They range from commercial gadgets to the sophisticated systems found in military, utility and process/manufacturing environments.

Embedded devices are very different from standard PCs or other IT products, but they constitute important and growing elements of the expanding web-connected network. Many of them use specialized real-time operating systems such as ThreadX, μC/OS-III or Nucleus, or a stripped-down version of Linux. Installing new software on most embedded devices deployed in the field either requires a specialized upgrade process or simply can’t be done. Further, in most cases, these ubiquitous devices are optimized to minimize processing cycles and memory usage. Therefore, they don’t have the extra processing resources required to support traditional security mechanisms. As a result, standard PC security solutions cannot solve the challenges of making embedded devices safe from cyberattacks.

In fact, given the specialized nature of embedded systems, PC security solutions won’t even run on most embedded devices. The driving principle for enterprise security is to provide multiple layers of protection. Firewalls, authentication/encryption schemes, security protocols, and intrusion-detection/intrusion-prevention mechanisms are well established, widely adopted enterprise security solutions. Nevertheless, firewalls and intrusion-detection features are virtually absent in embedded systems, which typically rely on simple password authentication and security protocols. Typically, makers of embedded devices have assumed that their products aren’t attractive targets to hackers. Other common perceptions have been that networked embedded devices aren’t vulnerable to attacks and that authentication and encryption can adequately protect against cyberattacks.

These assumptions are no longer valid. Today the number and sophistication of attacks against embedded devices is rising to worrisome levels. This trend has impacted many new product designs. Whereas cybersecurity has long been a critical focus for large enterprises, it’s now a strong focus for most system engineers building sensing and control devices. Fortunately, rather than reinventing the wheel, product developers can apply the security principles used to implement enterprise security. To ensure security for embedded devices, given their specialized nature, the following concerns must be addressed:

Preservation of functionality

Embedded control devices are at the heart of the transportation infrastructures, utility grids, communication systems and other elements essential to modern society. Successful cyberattacks on them can have catastrophic consequences. Thus, security solutions must both protect the data stored on networked embedded devices and safeguard the operations they perform.

Attack replication

After embedded devices are developed, they are mass-produced. If a hacker can find a way to successfully attack one of these devices, that attack can be replicated across all devices of the same type. Thus, a single-point breach can become a mass-failure mechanism.

Assumed security

Many system engineers have long assumed that embedded devices are not targets for hackers; i.e., they have relied on security by obscurity. That assumption is totally false today. Security should now be considered a top priority for most embedded designs.

Upgrade difficulties

Most embedded devices are not easily patched. After they are deployed, they run factory-installed software for as long as they remain operational, even if that code has security vulnerabilities.

Secure foundations

Cryptographic methods underpin many of the features used to secure embedded devices, including secure data storage, secure communication protocols and secure boot. These techniques require cryptographic keys, which must be kept secret. System engineers often implement secure key storage in hardware using a hardware security module (HSM). Most HSMs also offer crypto-acceleration to offload computation-intensive operations from the main CPU and true random number generation (TRNG). Additionally, some HSMs provide protected code execution that allows security-critical operations to run in a separate memory space that user-space code cannot access. This prevents programs in the user space from tampering with the operation of security-critical features or stealing keys.

Regardless of whether encryption is implemented in hardware or software, most security protocols employ both symmetric and asymmetric cryptography. IPsec does this unless pre-shared keys are used, and TLS uses asymmetric cryptography to securely exchange a secret key at the start of a session. Subsequently, IPsec and TLS both transition to symmetric encryption using the secret key established during the key-exchange process.
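The two-phase pattern just described, as an added example that is not part of the original article: an X25519 key agreement stands in for the asymmetric phase (the session secret is derived on both sides rather than transmitted, so an eavesdropper who sees both public keys still cannot compute it), and AES-256-GCM carries the symmetric phase. The single HMAC-SHA256 used as a key derivation function, its label string and the function names are simplifications assumed for the example; TLS and IPsec use their own key schedules.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NewKeyPair gives an endpoint an ephemeral X25519 key pair; only the public half is sent.
func NewKeyPair() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }
// Session is the asymmetric phase: our private key plus the peer's public key yield the same secret
// on both sides without it crossing the network; one HMAC-SHA256 stands in for a real KDF (simplified).
func Session(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, []byte("iiot-example-session")) // constructed label
	kdf.Write(shared)
	block, err := aes.NewCipher(kdf.Sum(nil)) // 32-byte output selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record in the symmetric phase, prefixing a fresh random nonce.
func Seal(g cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open authenticates and decrypts a record; GCM rejects any modified byte.
func Open(g cipher.AEAD, record []byte) ([]byte, error) {
	if len(record) < g.NonceSize() {
		return nil, errors.New("record too short")
	}
	return g.Open(nil, record[:g.NonceSize()], record[g.NonceSize():], nil)
}
```

A device and its gateway each call NewKeyPair, swap the public bytes, and call Session with the peer's public key; from then on every record goes through Seal and Open, and a third party that ran Session with its own key pair gets a cipher that fails to open any of them.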

by Renesas & Icon Labs