Enhanced Integration Drives Need for Enhanced Cybersecurity

There is increasing recognition that an entire manufacturing and production company requires an integrated cybersecurity approach. As IT, OT, automation and other functions are integrated, many manufacturing companies are realizing that designating one leader responsible for all cybersecurity for the company is most effective. This leader is empowered to deploy a holistic cybersecurity strategy for the entire manufacturing or production enterprise, including supply chain and customers, by orchestrating coordinated activities across a number of functional areas in the company, including IT, OT, and automation. The Chief Information Security Officer (CISO) is most likely to take on this responsibility, because cybersecurity in IT is significantly more mature than in OT, and someone with IT security experience understands how to methodically build the cybersecurity program across the organization using a risk-based approach.

Embedded Cybersecurity at the Edge

Though edge computers are delivering greater opportunities for production and efficiency, they are also enabling greater vulnerabilities to outside influences. The software industry has been trending towards using cybersecurity practices and solutions to provide protection at the fundamental root entry points for intruders, utilizing powerful Systems on a Chip (SoC) embedded in edge devices. As these devices now include industrial controllers, process controllers, smart instrumentation, and other devices, the cybersecurity attack surface continues to grow larger. Internet of Things (IoT) applications, including consumer, municipal, industrial, connected vehicles, connected health, smart farming, and smart supply chain also put themselves at risk of intrusion.
 
In problem solving, it is always important to identify root causes, and any entry point into a system is a root-level cause. Systems on a Chip (SoC) and other highly integrated solutions are driving control, monitoring and analytics to the edge, providing functions that in the past were done in a PLC or DCS controller. The introduction of Cyber Secure Systems on a Chip (SoC) is an architectural improvement designed to address the broad scope of cybersecurity challenges. The key building blocks include cybersecurity functions and features embedded in Systems on a Chip (SoC) incorporating microprocessors, communications, cyber services, secure update services, and other functions.
 

Joining Together to Meet Cyber Threats

These efforts are in the early stages of development by vendors and standards groups at this point. These efforts are leaving users with a simple question: Should purchases of industrial controllers, process controllers, smart instrumentation, and other new secure SoC and methods are integrated into those devices?
 
The goal is to incorporate this new breed of cybersecurity processors in IoT devices cybersecure systems including industrial and process automation components including sensors, actuators, motor controls, and other intelligent devices.
 
Because the cybersecurity of Level 0,1 devices is not being addressed elsewhere, the Automation and Control Systems Security committee has established a new task gr  devices are adequately addressed in the existing IEC 62443 series of standards, particularly
 
Some of the more prominent cybersecurity initiatives include these four:
 

Microsoft Azure Sphere

Microsoft is making an unexpected push into the chip business. Announcing “Azure Sphere,” Microsoft has combined chip design, a cloud security service, and a Linux kernel with the goal of better securing billions of IoT devices around the world. In 2016, Microsoft announced that it had co-designed an FPGA (Field Programmable Gate Array) in order to enhance the intelligence of its cloud servers. This was the first instance of a Microsoft-designed chip. Expanding on this, representatives at the 2018 Hannover Messe described how the Azure Sphere includes (MCU) design which the company is licensing, royalty-free. Other features include:
  • The Microsoft hardware security module Pluton Security Subsystem creates a har stores private keys, and executes complex cryptographic operations to create secur
  • A new crossover MCU combines the a Cortex-A processor with the Cortex-M class
  • Built-in network connectivity provides secured, online experiences and ensures
 
The first Azure Sphere chip is the MediaTek MT3620 which incorporates Arm Cortex-A7, shared as the result of years of close collaboration and testing between MediaTek and partners include ARM, who worked closely for the integration of Cortex-A application Sphere MCUs.
 
In October of 2019, Qualcomm Technologies announced at its 5G Summit in Barcelona, developing the first cellular chip optimized and certified for Microsoft’s Azure Sphere operating system. Qualcomm Technologies’ new Azure Sphere-certified chipset for IoT level security, come preconfigured with the Azure Sphere, and will automatically connect security cloud services.
 

Google CLOUD IoT CORE

The Google CLOUD IoT CORE is a system designed for the management of connected sensors, with Google’s cloud. The platform also serves as a pipeline for securely getting devices. This effort has been enhanced through Google’s Partner ecosystem, which work with the Cloud IoT Core. These partners include: Allwinner Technology, Arm, Intel, Mongoose OS, NXP, Realtek, Sierra Wireless, and SOTEC. Microchip, specifically, pr
a Google chip partner delivering Trusted and Secure Authentication with the ATECC608A chip

Amazon FreeRTOS

Amazon is promoting the Amazon FreeRTOS, an IoT operating system for microcontrollers that are qualified through The Amazon FreeRTOS Qualification Program (Amazon FQP). Amazon FreeRTOS is open source and it extends the FreeRTOS kernel, a real-time operating system for microcontrollers.

The Amazon FQP outlines a set of security, functionality and performance requirements that all microcontrollers (along with the associated hardware abstraction layers and drivers) must meet. Open sourced and based on the FreeRTOS kernel, a real-time operating system for microcontrollers, Amazon FreeRTOS has a large ecosystem of existing tools developed for the system. Amazon FreeRTOS includes software libraries designed to help users program commonly needed IoT capabilities into devices, such as the configuration of devices to a local network using common connectivity options like Wi-Fi or Ethernet. Amazon FreeRTOS also includes an over-the-air (OTA) update feature to remotely update devices with feature enhancements or security patches. To secure this operating system, Amazon FreeRTOS comes with libraries to help secure device data and connections, including support for data encryption, key management, and Transport Layer Security (TLS v1.2), which helps devices connect securely to the cloud. Partners today that fully support Amazon FreeRTOS features and capabilities include Espressif, Microchip, NXP Semiconductors, and STMicroelectronics.
 

Arm PLATFORM SECURITY ARCHITECTURE (PSA)

ARM has a PLATFORM SECURITY ARCHITECTURE (PSA) that includes Mbed’s Arm TrustZone technology is a System on Chip (SoC) and CPU system-wide approach to security. TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure end points and a device root of trust. The family of TrustZone technologies can be integrated into any Arm Cortex-A and the latest Cortex-M23 and Cortex-M33 based systems. The Arm Mbed IoT Device Platform is made up of two sets of products: device software and cloud-based device management services. These products are designed to securely move data from sensor to server. The Arm Mbed IoT Device Platform is a fully integrated device management solution. It provides the operating system, gateway, device management services, and partner ecosystem to speed adoption and deployment of IoT solutions. Further, the Arm Mbed IoT Platform provides connectivity and communication for constrained devices. Partner companies have enabled 6LoWPAN, Bluetooth Low Energy, Thread, LoRa, WiFi, NFC, RFID, Mobile IoT (LPWA), cellular and Ethernet on Mbed. The Mbed IoT platform secures the device itself from untrusted or malicious code, the communications between device and cloud, and the lifecycle of the system itself using uVisor, Mbed TLS, and Mbed Client respectively.



This article is part of Bill Lydon’s Top Trends, his Automation & Control Trends Report for 2020-2021.

About The Author


Lydon brings more than 10 years of writing and editing expertise to Automation.com, plus more than 25 years of experience designing and applying technology in the automation and controls industry. Lydon started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers (PLCs) and process control technology. In addition to working at various large companies (e.g., Sundstrand, Johnson Controls, and Wago), Lydon served a two-year stint as part of a five-person task group, where he designed controls, automation systems, and software for chiller and boiler plant optimization. He was also a product manager for a multimillion-dollar controls and automation product line and president of an industrial control software company.
