TechnologyMarch 28, 2019

The role of hardware in Industry 4.0 cyber security

In the transition to Industry 4.0, edge devices will make a move from implementing a complex, segregated architecture to a more fully integrated, connected approach.

Field devices of the future will combine sensing and actuating with manufacturing execution and control. These devices will not only be networked, but some of them will be directly connected to the enterprise system, internet and cloud services as well, which greatly increases cyber security risk within the system.

Industry 4.0 and the digitization of the factory can mean different things to organizational leaders in the industrial market, and the implications of digitization can have an extensive impact on cyber security as factory devices become smart and connected. This can mean transforming a factory to realize higher levels of autonomy and customization that improve the total cost of operations and bring higher value to customers.

It can also mean suppliers of systems and subsystems are making factory devices smarter to enable real-time decisions and autonomous interaction of manufacturing cells within larger, multi-celled systems and across enterprise system.

Depending on how you aspire to take advantage of the Industry 4.0 solutions, the strategy for adopting these solutions will depend on where they will be integrated in the value chain and the depth of integration within the factory.

The digitization of the factory is transforming all aspects of the value chain and directly affects both the top line and bottom line of a business. What is most commonly discussed is innovation that unlocks revenue, whether that manifests itself in new products, services, or some combination of the two.

Digital production, the use of processing and analyzing data at the edge, is demanding new product innovation, while the collection of the meta-data is resulting in new services that optimize control, maintenance, and usage. Both aspects exist in the value chain that directly impacts revenue performance.

On the flip side, cost reduction initiatives are focused on improving supply chain efficiency and optimizing operational performance. These improvements require the adoption of more capable products and services in one’s own factory.

Digitization of the factory is transforming all aspects of the value chain from product innovation, including new business models, supply chains and operational execution.

Digitization of the factory is transforming all aspects of the value chain from product innovation, including new business models, supply chains and operational execution.

It is the consumption of new product innovation that is necessary to realize below the line benefits of Industry 4.0. Depending on how one aspires to take advantage of Industry 4.0 solutions, the cyber security strategy will change to ensure the successful adoption and scaling of digital solutions in the factory.

The cyber security strategy will also change depending on how pervasive digital solutions are integrated at the edge of the industrial control loop.

The traditional industrial automation architecture is highly disparate and relies on segregating control of the field devices from the rest of the plant’s information systems, services and applications to guard against the cyber security threat. Actual field devices are typically point to point solutions with limited data exchange and edge processing, which limits the cyber security risk any one device contributes to the system.

Disrupting this typical architecture is no easy task and will need to be undertaken in a staged approach. Aggressive adopters of Industry 4.0 solutions will need to determine how deep they want to integrate new technology in the factory and drive a cyber security strategy that enables the realization of these aspirations.

The new industrial automation architecture is poised to look significantly different. Where the factory is traditionally segmented into five different levels using the Purdue model or similar, the future factory architecture will likely not equate to the same model.

The field device of the future will combine sensing and actuating with manufacturing execution and control. These devices will not only be networked into an integrated connected architecture on the factory, but some of them will be directly connected to the enterprise system, internet, and cloud services, which greatly increases the cyber security risk any one device has to the system.

In whatever way the future Industry 4.0 architecture is perceived, achieving the end goal will take a multi-staged approach and a cyber security strategy that is linked to the desired depth of integrating digital solutions in the factory.

An important hurdle is building a factory that is not only connected to the cloud, but operates in synchrony with other factory systems through cloud services.

An important hurdle is building a factory that is not only connected to the cloud, but operates in synchrony with other factory systems through cloud services.

Industry 4.0 cyber-security

There are many different perspectives on what Industry 4.0 will look like when its solutions are fully integrated. Some believe the traditional factory design will largely remain intact, while others have a more aggressive view where the new factory will hardly be recognizable by traditional standards.

Everyone can agree that the factory is changing and it won’t happen overnight. There are obvious reasons for this transition, the primary reason is the life span of devices in the field today. These devices are designed to operate well over 20 years and could remain operational much longer.

Efforts may be made to retrofit these devices to enable additional functionality and connectivity, but they will be limited by their hardware designs and the factory system architecture will have to compensate for their inadequacy. From a cyber security perspective, these devices will always be limited and present a cyber risk.

A secure device requires a secure architecture and system design approach. Retrofitting a device with security features is a stop gap approach that will always leave cyber security vulnerabilities.

Fully transitioning to the digitized factory will require devices reach high levels of security hardening to be resilient to cyber-attacks in environments capable of real-time information sharing and decision making. Resiliency, the ability to recover quickly from difficulties, has a huge influence on how cyber security is implemented and the necessary steps to a Cyber Secure Industry 4.0.

The first major hurdle to overcome is achieving compliance to new cyber security industry standards and best practices. To achieve compliance within a changing factory requires a different approach. The traditional methods of applying Information Technology (IT) security solutions that isolate, monitor, and configure network traffic will not provide the required resiliency in the Industry 4.0 factory.

As devices become connected and share real-time information, hardware security solutions will be required to enable autonomous real-time decisions while maintaining resiliency in the factory. As the approach to cyber security changes, organizations will also need to adapt to address the new challenges.

Many organizations are restructuring to build a cyber security competence that is both separately managed from the traditional engineering organization and integrated throughout the organization’s project teams. Building an organization that enables the implementation of a cyber security solution strategy to meet industry standards and best practices is the first major step to achieving the Industry 4.0 aspiration.

After gaining a solid footing with emerging security standards and instilling an organization equipped to manage security requirements across product life cycles and cross-organizational boundaries, focus can be directed toward increased autonomy within the factory cells.

Autonomy can only be achieved when devices in the factory become smart enough to make decisions based on the data they receive. The cyber security approach is a system design that builds on edge devices capable of substantiating trust in data where the data is born.

The result is confidence to make real-time decisions provided through a cyber secure system that is capable of accepting input from the real world, assessing its trustworthiness, and acting autonomously.

The final hurdle is building a factory that is not only connected to the cloud, but operates in synchrony with other factory systems through cloud services. This requires a much more wide spread adoption of digital solutions and will ultimately be the final hurdle due to the time required to fully transition to the digital factory.

Devices today are already being connected to the cloud, but in most cases, this is only to receive data. This data is analyzed and decisions are made remotely from the factory floor. A product of these decisions, may be to accelerate or delay maintenance or fine tune an automated process.

Today, it is rare that these decisions would be executed from the cloud as the field control is local to the factory and segregated from the enterprise system. As more autonomy is adopted on the factory floor, it will be more relevant to monitor and control a factory through cloud services, sharing real-time information across enterprise systems.

Connected factory hardware security

The need for Hardware Security is being driven by industry standards that reach higher levels of security to enable connected solutions in the factory.

Increasing access and accessibility of control means new risks that traditional Information Technology (IT) security solutions are ill-equipped to defend against without combining device level security with a hardware root-of-trust.

As devices are connected to a network, these devices become access points to the system at large. The damage that can be caused from any one of these access points extends to the entire network making critical infrastructure vulnerable.

Traditional security methods that rely on firewalls, malware detection, and anomaly detection need constant updating and configuration and are prone to human error. In today’s environment, it should be assumed that an adversary is already in the network. To defend against these adversaries, a defense-in-depth and zero-trust approach needs to be adopted.

To achieve the highest confidence that connected devices are operating as expected, a hardware root-of-trust is required in the device. Putting the right hardware hooks in devices today is critical to enabling a transition to tomorrow’s digital factory.

Utilizing the Xilinx Zinq UltraScale+ MPSoC (ZUS+) family of FPGA’s, Analog Devices has developed Sypher-Ultra providing higher levels of confidence to the integrity of data being generated and processed through its high-assurance cryptographic system with multiple layers of security control.

It leverages the security foundation of the ZUS+ along with additional Analog Devices developed security features to facilitate end products to meet security requirements such as NIST FIPS 140-2, IEC 62443, or Automotive EVITA–HSM. The Sypher-Ultra resides between the embedded ZUS+ capability and the end application to provide design teams with a single-chip solution to enable secure operations.

In order to provide high-assurance security, the Sypher-Ultra platform utilizes a trusted execution environment (TEE) providing a foundation for secure data at rest and in motion.
Security related features are executed primarily within the real-time processing unit and the programmable logic to afford design teams the ability to easily add their application within the application processing unit. The design eliminates the need for product teams to master all the complexities of security design and certification, while providing high levels of confidence in secure operations.

Formulating a path to achieve higher device level security is challenging especially considering the time to market constraints to meet the demanding pace of the digital factory. The complexity of implementing security requires unique skill sets and processes. Analog Devices’ secure platform provides design teams with a solution to implement security closer to the edge of the industrial control loop.

Offloading implementation complexities from product design teams, such as the security design, certification to security standards, and vulnerability analysis, greatly reduces risk and design time.

Analog Devices’ solution provides easy to use secure APIs on a commonly adopted platform enabling the co-existence of high-assurance security and higher-level applications on a single FPGA.

Sypher-Ultra technology enables secure use of the Xilinx Zynq UltraScale+ MPSoC (ZUS+) family to isolate sensitive cryptographic operations and prevent unauthorized access to sensitive IP, providing a path to the connected factory through hardware security at the edge.

Technology report by Analog Devices, Inc.