Automation World once reported, “The interesting thing about Dragonfly is that it targeted ICS information not for the purpose of causing downtime, but for the purpose of intellectual property theft. Potential damage could include the theft of proprietary recipes and production batch sequence steps, as well as network and device information that indicate manufacturing plant volumes and capabilities.”
The system solution to mitigating something like this is to implement secure boot for the main PLC CPU. This is a way of authenticating the firmware and only accepting software that has a valid digital signature. Depending on the requirements, you could also encrypt the firmware.
Security processing demands can easily overwhelm the MIPS of a traditional PLC CPU or even create latency issues. This is best done by off-loading the security functions to a low-cost, off-the-shelf secure microprocessor that is built for these functions, as shown in Fig. 6. The system shown here uses an external secure microprocessor to validate the firmware’s digital signature.
All the above examples use keys to enable authentication, but this raises the question of key protection. Physical security of an encryption key is of prime consideration in many applications, since there is no security once the key is compromised.
To properly address physical security, several issues must be considered. These include a physical mechanism for generating random keys, a physical design that prevents covert electronic interception of a key that is being communicated between authorised agents, and a secure method of storing a key that protects against clandestine physical and mechanical probing.
Various secure key-storage devices provide system designers a host of features that range from package design to external-sensor interfaces and internal circuit architectures. These requirements were developed by American military in the form of FIPS 140 standard, and many chip vendors provide very comprehensive tamper-proof capabilities that can be used in ICSes.
The future of the IoT security
There may be other approaches to security as well, and as you begin to realise how important security is in a connected factories environment, you will eventually coalesce around a few approaches.
The IIoT in manufacturing is in high demand, and is a growing trend. Security will also eventually grow to cover vulnerabilities, but the need is already here.
Suhel Dhanani is senior principal MTS, industrial strategy, Maxim Integrated, San Jose, CA, USA
Fig. 1: The IIoT stack from an automation perspective
Fig. 2: Potential IIoT benefits
Fig. 3: Mapping security by plant network levels
Fig. 4: Authenticating the slave module—can be used with both a field sensor and an I/O module
Fig. 5: Sensor authentication with SHA-256 (private key)
Fig. 6: Secure boot of the main PLC CPU
