Cannady mentioned how a protection mechanism deemed necessary for some sort of wireless online payment network might be deemed overkill for a manufacturer of train cars and train control systems. Yet TCG members met a Polish teenager who figured out how to take control of multiple train cars in a train yard using a cellphone. It is dangerous to assume a certain vertical industry does not need a particular layer of device security, he said.
The model TCG will use for its earliest, most critical work is to use the Trusted Platform Module 1.2 specification as a guide for having some trusted master controller in a certain layer of the network. The embedded working group then will have to decide where the authentication hardware might be necessary, and where an end node can get by with a software shim alone. The working group will try to make security services as transparent as possible, with as little hardware impact on distributed embedded nodes as possible.
The working group also is looking at applying the publish/subscribe model of the TCG IF-MAP, or Interface for Metadata Access Points, to create a “Facebook for things.” A node would automatically publish its status on a regular basis, and the status messages could be subscribed to by both automated monitoring systems and human network managers, who would create monitored subdomains unique to their needs.
Cannady said he expects the National Security Agency, as well as several other federal agencies like the Defense Department and Department of Homeland Security, to be involved in compiling recommendations on embedded secure systems, similar to the orange book/blue book series of IT standards the NSA published in the 1990s. The federal government has offered a model of this in its work on HAIPE, a telecom equipment model for evolving secure telephony to IPv6.
Multiple federal agencies have gotten “very twitchy” about the hacking problems with SCADA systems, Cannady said, and that has made the process control industry sit up and take notice. Now the commercial vertical embedded industries need to recognize the importance of security and trusted domains, but they will demand security that has a very low cost and requires little if any human intervention in network management. The TCG embedded systems working group has its work cut out for it for the near future.
For further reading:
Siemens Issues SIMATIC Security Advisory.
SCADA: The Next Secure Generation.