Cannady mentioned how a protection mechanism deemed necessary for some sort of wireless online payment network might be deemed overkill for a manufacturer of train cars and train control systems. Yet TCG members met a Polish teenager who figured out how to take control of multiple train cars in a train yard using a cellphone. It is dangerous to assume a certain vertical industry does not need a particular layer of device security, he said.
For its earliest, most critical work, TCG will use the Trusted Platform Module 1.2 specification as a guide for placing a trusted master controller in a certain layer of the network. The embedded working group will then have to decide where authentication hardware is necessary and where an end node can get by with a software shim alone. The working group will try to make security services as transparent as possible, with as little hardware impact on distributed embedded nodes as possible.
The working group also is looking at applying the publish/subscribe model of the TCG IF-MAP, or Interface for Metadata Access Points, to create a “Facebook for things.” A node would automatically publish its status on a regular basis, and the status messages could be subscribed to by both automated monitoring systems and human network managers, who would create monitored subdomains unique to their needs.
Cannady said he expects the National Security Agency, as well as several other federal agencies like the Defense Department and Department of Homeland Security, to be involved in compiling recommendations on embedded secure systems, similar to the orange book/blue book series of IT standards the NSA published in the 1990s. The federal government has offered a model of this in its work on HAIPE, a telecom equipment model for evolving secure telephony to IPv6.
Multiple federal agencies have gotten “very twitchy” about the hacking problems with SCADA systems, Cannady said, and that has made the process control industry sit up and take notice. Now the commercial vertical embedded industries need to recognize the importance of security and trusted domains, but they will demand security that has a very low cost and requires little if any human intervention in network management. The TCG embedded systems working group has its work cut out for it for the near future.
The truth of the matter is that the US is extremely vulnerable on so many fronts in this cyber war. We have so much of our infrastructure that is accessible through the various networks. Air traffic control and electrical generation and distribution systems are all vulnerable. In fact it is a good bet they are already penetrated and sleeper code is in place to do harm when the controlling organization or country wants to initiate an attack. I venture it is a safe bet that the US is the most vulnerable of any country.
Another long overdue consideration is that defense in cyberspace is far behind offensive capabilities. Countries like North Korea are not as susceptible to cyber attack as we are. They just don't have that much infrastructure to protect.
It will take a great deal of attention and money to bring this situation under control. Embedded chips made in other countries may not be safe from malicious code being designed into the system from the beginning. Detecting this and preventing its use will require additional efforts that might not be possible with the existing systems.
I agree, Ivan. This underscores the importance of recent "safety microcontroller" rollouts by TI, Freescale, and Renesas. The Embedded Systems Working Group is one more sign that we are collectively paying attention to vulnerabilities of power plants, air traffic control systems, financial systems and, yes, train yards.
The way to protect factory and any other important machine control networks is to not allow the capability of external modification to exist at all. Of course it is more convenient and cheaper to change the program and the parameters over the network. It is also not possible to have this ability and have it be secure, we all know that. But real security does have a real cost, which is that somebody would need to actually visit the controller and alter the program or settings. Any outside access is not completely secure, only fairly secure, and we all know that any security measures only last until somebody cracks them. And that always happens.
So it becomes a trade-off of costs: which costs more, manual updates or hackers' damage? Each can be calculated, and then a decision can be made.
Thanks Ivan, Chuck, William for great points. William, the ideal case you raised of a physical control over the hardware network might be re-interpreted by others to say a hard-wired physical-layer network, preferably fiber, should be used for changes in configuration. Yet someone will always come in and demand wireless updates for reasons of cost, and all the best ideas for trusted systems fly out the window. This TCG work will be interesting to watch.
The fact is that my assertion was that a primary way to be secure was to not have the capability present, not wired or fiber or wireless. The capability of remotely changing the program would not be present in the system. No, there is no question about it being less convenient, but a disaster is more inconvenient. But if the way to change a calibration or a program requires physically operating a switch at the machine, then all remote hackers are kept out.