The Stuxnet virus, as well as attacks over the past several years on SCADA systems, has made security in the factory and automation sectors a front-burner issue. It's projected that there will ultimately be 50 billion embedded nodes worldwide. Of course, many of those end points will be consumer and automotive users. However, for automation pros, this effort is significant, especially since it will leverage some previous security work developed for the enterprise.
Stacy Cannady, a consultant with Digital Management Inc., worked with TCG for several years when he analyzed secure IT platforms for IBM and Lenovo. He is helping the group organize its embedded program, and he acknowledges the effort is a massive one. Stuxnet notwithstanding, he said, more vertical embedded markets remain blissfully unaware of what a widespread hack of a system might mean.
"There will be a lot of pushback if you tell people they have to flush their entire inventory of low-end microcontrollers," Cannady said. "If you tell the manufacturer of an MRI machine they ought to install a $3 component, it's no big deal. Tell that to someone with a very simple sensor node, and it's a nonstarter."
The model TCG is using is that most solutions should have no impact on an end node's hardware bill of materials. A solution must also be nearly invisible to the network and the system integrator running the network. A solution that uses software calls from a centralized PC or server to a node, with protected storage and processing, would be ideal. The problem comes when an industry decides a solution might be too top-heavy. That could very well be true in some situations, but the outlier cases of what hackers do might surprise some vertical embedded network managers.
Cannady mentioned how a protection mechanism deemed necessary for some sort of wireless online payment network might be deemed overkill for a manufacturer of train cars and train control systems. Yet TCG members met a Polish teenager who figured out how to take control of multiple train cars in a train yard using a cellphone. It is dangerous to assume a certain vertical industry does not need a particular layer of device security, he said.
The model TCG will use for its earliest, most critical work is to use the Trusted Platform Module 1.2 specification as a guide for having some trusted master controller in a certain layer of the network. The embedded working group then will have to decide where the authentication hardware might be necessary, and where an end node can get by with a software shim alone. The working group will try to make security services as transparent as possible, with as little hardware impact on distributed embedded nodes as possible.
The working group also is looking at applying the publish/subscribe model of the TCG IF-MAP, or Interface for Metadata Access Points, to create a "Facebook for things." A node would automatically publish its status on a regular basis, and the status messages could be subscribed to by both automated monitoring systems and human network managers, who would create monitored subdomains unique to their needs.
Cannady said he expects the National Security Agency, as well as several other federal agencies like the Defense Department and Department of Homeland Security, to be involved in compiling recommendations on embedded secure systems, similar to the orange book/blue book series of IT standards the NSA published in the 1990s. The federal government has offered a model of this in its work on HAIPE, a telecom equipment model for evolving secure telephony to IPv6.
Multiple federal agencies have gotten "very twitchy" about the hacking problems with SCADA systems, Cannady said, and that has made the process control industry sit up and take notice. Now the commercial vertical embedded industries need to recognize the importance of security and trusted domains, but they will demand security that has a very low cost and requires little if any human intervention in network management. The TCG embedded systems working group has its work cut out for it for the near future.
Originally ran in Design News