
Cybersecurity concerns in industrial control systems (ICS) are bound to delay the adoption of Industry 4.0. Many business leaders find the ICS cybersecurity challenge very difficult to understand because of the many complex factors involved. Additionally, engineers developing industrial control system solutions may not yet see significant cybersecurity requirements at the device level.
Traditional approaches to securing industrial control systems have relied on restricting access to networks and devices and monitoring network traffic through information technology (IT) solutions. Product owners who use equipment in factories will find that cybersecurity issues are easy to fix if they treat them as IT issues.
However, with the advent of Industry 4.0, traditional methods will no longer be sufficient to secure industrial control systems. The challenges of ICS cybersecurity will ultimately delay the adoption of Industry 4.0 if companies do not have a strategy to address end-device security concerns. In order to adopt and make the most of Industry 4.0, cybersecurity must become a key part of business planning.
ADI recognizes the challenges that Industry 4.0 brings to the market. While industrial markets have historically been slow to change, Industry 4.0 adoption has proceeded at a record pace, greatly exceeding expectations. With these changes, cybersecurity is emerging as one of the most challenging barriers to the adoption of Industry 4.0. ICS cybersecurity standards and guidelines are already in place or are being established to keep factories safe, but they do not provide guidance on how to accelerate Industry 4.0 initiatives. Our mission is to enable our customers to adopt Industry 4.0 solutions faster by extending the secure endpoint and making it easier to implement security.
Figure 1. End equipment needs to transform to accommodate Industry 4.0 adoption.
1. Industry 4.0 is changing the cybersecurity of industrial control systems
There is a reason Industry 4.0 is changing ICS cybersecurity concerns. The essence of Industry 4.0 is to increase access and accessibility to equipment control in factories. This means increased access to data for greater transparency, reduced network planning, reduced capital expenditures, lower operational expenditures, increased bandwidth and optimized machine interworking. Increased access and accessibility to controls means that cybersecurity risk assessments of factory systems are changing. ICS cybersecurity solutions need to adapt to changing risks, and preventive measures traditionally implemented in the system, such as setting up firewalls and placing devices behind locked doors, run counter to the goals of Industry 4.0. This means that devices need to be hardened so that they can offer more functionality securely. To enable trusted data and secure operations, identity and integrity will be at the heart of every device in this space.
There are many different standards in the industrial market that provide guidance on the implementation of industrial control system security. For example, NIST provides security guidance for U.S.-regulated markets. IEC 62443 is a draft safety standard for the European regulated international market. These are the two most dominant standards that provide useful guidelines for industrial control system security implementation and security posture assessment; however, they do not provide guidance on how to accelerate the adoption of Industry 4.0. IEC 62443 does not currently provide any guidelines for implementing security below the PLC level, and the recently formed ISA99 working group aims to address cybersecurity at the plant floor within the framework of IEC 62443. Currently, in order to achieve an acceptable security state for a system, precautions must be implemented around devices that do not achieve an adequate security level. These defenses often rely on methods such as firewalls to restrict access and cut off or isolate vulnerable devices. In the future, equipment will need to achieve a higher level of security to enable the transition to Industry 4.0.
2. ADI expands network security endpoints for industrial control systems
ADI has a unique advantage in scaling secure endpoints. Our traditional market space is at the physical endpoint, where the real world is converted into digital signals and data is generated. This gives us the opportunity to establish trusted data by providing identity and integrity earlier in the signal chain and build a whole new definition of secure endpoints. Traditionally, secure endpoints started as gateways, PLCs, and even servers in the industrial control system security framework. This view is reminiscent of the factory’s traditional view of IT cybersecurity, which still exists across the industrial landscape. The prospect of extending secure endpoints further down the signal chain is very attractive, as it allows decisions based on this data to have a higher level of confidence. The earlier identity and integrity are established in the signal chain, the higher the trust and trustworthiness that can be established in the data that drives decisions.
Figure 2. Decisions that enable the highest confidence: right where the physical-to-digital transformation takes place.
ICS cybersecurity cannot be addressed with a one-size-fits-all solution; a defense-in-depth approach must be employed and applied based on a systematic risk assessment. ADI’s strategy is to extend the depth of ICS network security as Ethernet is applied to endpoints. Achieving Industry 4.0 requires a new approach to connectivity in factories. This means that Ethernet has played, and will continue to play, a greater role in industrial control systems. ADI’s security strategy is to focus on the location of the Ethernet connection, as this can significantly change the impact that any single device on the network has on the system. Our current range of Industrial Ethernet solutions and TSN solutions has been the focus of the company’s security development.
In the near term, the fido5000 RapID® platform, which offers dual-port, multi-protocol connectivity, will be able to implement several security functions, including providing key generation/management, secure boot, secure update and secure memory access to prevent network binding attacks. This product family roadmap includes a single-chip solution with hardware root of trust, secure device lifecycle management, secure communication/mutual authentication and tamper protection. As the industrial sector continues to adopt smarter sensors, factory connectivity will continue to scale downwards, driving additional security requirements at the device level. ADI is committed to developing a security product portfolio to make the adoption of ICS security solutions easier and build trust at the endpoint in order to accelerate Industry 4.0 adoption.
(Source: Analog Devices)