OPERATIONAL TECHNOLOGY AND SECURITY
Considerable improvements for the security and operational efficiency of Operational Technology (OT) devices are attainable through the implementation of TrustCentral’s innovative technology. Not only may OT achieve new levels of control and protection of its legacy devices, but OT can also obtain a secure method of delivering IoT Analytics data directly to legacy devices in the field for their enhanced operational and financial performance. The following covers these problems with TrustCentral’s solutions.
Information Technology (IT) supports connections to the Internet plus related data and technology systems; focused on the secure flow of data across an organization. Operational Technology (OT) monitors and controls devices and processes of physical operational systems (e.g., assembly lines, utility distribution networks, production facilities, roadway systems, and more). IT environments have experienced a wide variety of cyberattacks and security threats for many years. Over this period much has been learned and a variety of mitigations have been deployed in a continuous process. OT has had a different history as OT systems have generally been kept isolated, not only from the Internet but from other networks as well. Therefore OT systems have not had the duration or quantity of cyberattacks as IT has experienced. The result is that OT has not identified as many attacks nor developed as many mitigations as IT has. It is important to note that the physical consequences of cybersecurity incidents in OT environments can represent, not only damage to equipment, infrastructure, and the environment, but also injury and loss of life to personnel. Also an attack to the OT environment can represent an immediate and costly shut down of an enterprise’s production operations.
EXAMPLES OF CYBERSECURITY ATTACKS ON OT
- Researchers Link Cyberattack on Saudi Petrochemical Plant to Russia (2018)
- U.S. Accuses Russia of Cyberattacks on Power Grid (2018)
- Cyberattack on a water treatment plant – chemicals manipulated (2016)
- Russian cyberattack on the Ukrainian electricity distribution (2015)
- Cyberattack on a German steel mill that caused “massive damage” (2014)
- Stuxnet malware damaged Iranian uranium enrichment systems (2010)
IT’S GETTING EASIER TO ATTACK OT
Attack tools are getting more and more advanced making attacks easier to carry out. The Internet facilitates the distribution of attack tools, making them more available and obtainable. The challenge for OT is compounded by: (a) many legacy systems and devices not having been designed or developed with high level security capabilities; (b) many existing devices having security vulnerabilities and need to be protected; (c) upgrading devices is generally capital intensive; (d) historically the investment in security upgrades for OT has been much lower than IT; (e) in OT expected life spans of systems can be measured in decades; (f) protection is difficult; (g) the risk of malicious code and attackers is real; (h) and more.
COMMON STRATEGY IS TO ISOLATE VULNERABLE OT SYSTEMS FROM OTHER SYSTEMS
Widely adopted frameworks enforce OT’s isolation from IT. The Purdue Model for Control Hierarchy is the most prevalently used in a number of industries. Under this model, IT and OT domains are put in separate zones, isolated by way of a demilitarized zone (DMZ). This creates complex walls between systems and complicates an OT network.
IOT’S VALUE AND DATA ANALYTICS
Significant value can be gained from analyzing IoT data. Not only is IoT’s value partially in the ability to connect IoT devices, but its value also comes from the understandings gained from IoT device data. Because of this, the field of IoT Data Analytics has gained prominence and value to IoT. For example, in the oil and gas industry it is estimated that 10-15% operational efficiency may be gained from the use of IoT Data Analytics, but it is generally being lost due to OT isolation. Isolation can cut OT off from benefits of machine learning and artificial intelligence.
TOWARDS A SECURE SOLUTION FOR OT ISOLATION
There are significant challenges to be overcome for meaningful improvements to OT security. Any solution should be built on a foundation of Public Key Infrastructure (PKI – the foundation of security for the Internet). A solution must support the authentication, security and trustworthiness of IoT devices, other endpoints as well as their data.
What is needed is a new security and control device. A properly designed “Trust ControllerTM” device can help. It must leverage the trust and security of PKI. It must support strong authentication, security, control and other features. Any controller device must be easily integrable into existing OT environments without the need for IT support to modify networking configurations.
TRUST CONTROLLERTM DEVICE
A Trust Controller device (“TCD”) is a hardware component that will integrate with TrustCentral’s software component in order to achieve an overall, desired result.
From the software side, the key elements of TrustCentral’s technology solution focus on TrustCentral’s “Trust Stack”.
- A proprietary Attribute Authority
- Inviter-Invitee Protocol
- Secure Communication Lines
- PKI-Enforced Whitelisting
- Secure IoT Device Groups
- API – (Application Programing Interface)
The production of the hardware Trust Controller device (with a modest piece of TrustCentral firmware to run on it) is the other part of the solution. Following is a summary of the capabilities that this technology can provide:
- A new layer of security to legacy control systems that are operating the machines that generate the enterprise’s financial bottom line
- A new layer of security to machines that have no concept of cybersecurity
- Tightly defined, authenticated and secure penetrate of the common isolation of OT from IT in order to allow designated legacy (and non-legacy) machines to utilize the real-time power of artificial intelligence and machine learning from cloud computing
- Reduced exposure to an IT or OT network by malicious attacks that may misuse network connections intended for use by legitimate OT devices
- Reduced threat of malicious attack by a bad actor who may spoof an unauthenticated legacy device
- The organization of devices into secure zones that contain related equipment among which data needs to be exchanged
- Trust Controllers used as gateways between zones: any data exiting a zone must pass through a Trust Controller; data must conform to permitted zone device protocols to transit
- Trust Controllers only send and receive data with another Trust Controller (or other supported device) with which it has an existing, authenticated, persistent, secure communication line (no exchange of data with any other endpoint)
- Reduced possibility of malicious code getting into a zone, a device or network
- Provide external vendors with remote access only to designated devices for which that vendor is responsible
- A communication path through a Trust Controller device may be physically limited to transit in one direction only (where needed for enhanced security)
- And more . . .
- Provisioning– Devices are provisioned prior to sale
- Registration– Uniquely identified purchased devices become registered with specific customers; authorized, subscribed features for each customer are activated on proper devices
- Secure Communication Lines– Secure, authenticated, persistent communication lines are established between pairs of devices as well as between device and a cloud or central network portal
DEVICE SETUP RESULTS: an efficient sales and distribution process is facilitated through a managed, cryptographically-secure process; licensed services are activated on a per-device basis in a precise, controlled manner; only authorized, registered devices may connect to cloud resources and interact for properly licensed services. Data collected is trusted because its provenance has been established through the use of cryptographic tools.
OT BENEFITING FROM AI AND MACHINE LEARNING
Provide a tightly defined, authenticated and secure method to penetrate the Purdue Model OT-IT isolation barrier in order to securely deliver real-time instructions directly to legacy field devices (e.g., oil pumps) so that OT operations can benefits from artificial intelligence and machine learning capabilities (in a cloud or IT platform) with a result of improved efficiency, lower costs and higher margins.
OT DEVICES SEGREGATED INTO SECURE ZONES
Organize devices within the company’s OT environment into zones containing related equipment among which data actually needs to be exchanged
Use Trust Controllers as gateways between zones such that any data exiting a zone must pass through a Trust Controller; allowed transmitted data must conform to permitted device protocols within that zone
Rely on the Trust Controllers to only exchange data with another paired Trust Controller such that the two controllers have an existing, authenticated, persistent, secure communication line between them.
OT DEVICE VENDORS’ ACCESS RESTRICTED TO SUPPORTED DEVICES
Secure vendor remote access to supported devices. Provide limited, authenticated and secure access specifically to only those legacy devices for which that vendor is responsible.
GENERAL SECURITY RESULTS FOR USE CASES:
- PKI-Enforced whitelisting is established for each supported device under which devices talk only to previously authenticated devices and no others (device security; anti-spoofing; anti-hacking)
- Maintenance Group Secure Access support is established for each device. Devices are pre-provisioned with a trusted certificate that identifies a Maintenance Group that the device may trust. Later when a managed device is contacted by an external endpoint claiming to be a Maintenance Group member, the device will be able to authenticate that external device as being an authentic, trusted member of the Maintenance Group (device security; maintenance reliability)
- Digital Audit trails support data integrity through the system’s optional ability to provide authentication, reputation metrics and end-to-end audit trails (trusted transactions).This feature will likely not be part of the MVP.
TrustCentral’s IoT technology will be valuable for multiple areas of IoT, including security, the intersection of IoT and blockchain, etc.
TrustCentral will provide innovative solutions in areas of IoT security. These include: authentication and security of IoT devices; reputation and trustworthiness of devices and their data; for markets such as:
- Oil and gas
- Utilities, National Grid
- Transportation (e.g., autonomous vehicles, V2V, V2I, V2X)
- Smart and connected cities
- Public safety
“Trusted transactions require
trusted provenance [origin]”
One of the major purposes of an Industrial Control System is its output of transactions and event records to be stored in a database. Whether that database is a blockchain or not, the trustworthiness of those records is critical. Blockchain transactions and event records are immutable, but if one can’t trust their provenance [the source from which they came and how they got there] how valuable are they?
How is the trustworthiness of IoT device transaction & event records affected by:
- Endpoint authentication?
Through the additional support of the Security Ecosystem’s technology, an enterprise will benefit from a higher level of trusted provenance (origin) of records and have greater confidence in trusted records being recorded on a blockchain or stored in a database. This can be accomplished with support of features such as digital signing, encryption, trust and reputation scores of endpoints, layered auditability and visualization of trusted users and secured devices. Enterprises can also gain the ability to authenticate a remotely located device and bring it online into a network with trust.
“The composite trust model is based on trusted users,
trusted devices, and users trusted,
based in-part, on use of trusted devices.”
Dr. David W. Kravitz
Operating at three levels of the IoT Reference Model
Using the technology of the Trust Stack, the TrustCentral API will offer unique and valuable services for the security, privacy, control and management of OT devices. TrustCentral’s solution is designed to support a cooperative and coordinated relationship between Operational Technology and Information Technology by providing both OT and IT targeted technologies to meet each of their needs.