Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardening Techniques
Cybersecurity and Industrial IoT Control Systems
The Connectivity Platform for the Industrial Internet of Things™
Industrial Internet of Things (IIoT)
©2016 Real-Time Innovations, Inc.
IIoT Systems Are Distributed
[Diagram: Sensors, Actuators, Streaming Analytics & Control, HMI/UI, and IT, Cloud & SoS Connectivity, all interconnected]
IIoT Systems Are Distributed
[Same diagram (Sensors, Actuators, Streaming Analytics & Control, HMI/UI, IT, Cloud & SoS Connectivity), annotated: Potential Vulnerability]
Threats
Challenge: Security with Other Demanding Requirements
• Scalable real-time performance
• High reliability, resilience and safety
• Autonomous operation
Data Distribution Service (DDS) Standard
[Diagram: Data Distribution Service (DDS) connecting Sensors, Actuators, Streaming Analytics & Control, HMI/UI, and IT, Cloud & SoS Connectivity]
Key DDS Features
• Decentralized architecture
  – Peer-to-peer communication
  – No message brokers or servers
  – Low latency and high scalability
  – No single point of failure
• Multicast
  – Efficient broad data distribution
• Automatic discovery
  – Systems are self-forming and self-healing
• Real-time Quality of Service
  – Control over & visibility into timing
Publish/Subscribe for Loose Coupling
[Diagram: DDS Software Data Bus. Topics and the apps attached to them: Sensor Data (Sensor, Control App, Display App), Commands (Control App, Actuator), Status (Actuator, Control App, Display App)]
Use with New and Existing Systems
[Diagram: New and Updated Apps (DDS App -> DDS API -> DDS Library -> Transport) and Existing, Unmodified Apps and (Sub)Systems (Non-DDS App -> Adapter -> DDS Routing Service -> OS & Transport) interoperate over the DDS-RTPS Interoperability Protocol]
Security Boundaries
• System Boundary
• Network Transport
  – Media access (layer 2)
  – Network (layer 3) security
  – Session/Endpoint (layer 4/5) security
• Host
  – Machine/OS/Applications/Files
• Data & Information flows: this is the boundary addressed by DDS Security. Perimeter, network-layer and host hardening remain separate controls that DDS Security does not replace.
Data Security - Threat Model
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services

Cast:
Alice: Allowed to publish topic 'T'
Bob: Allowed to subscribe to topic 'T'
Eve: Non-authorized eavesdropper
Trudy: Intruder
Mallory: Malicious insider
Trent: Trusted infrastructure service
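The four threats and the cast above, run end to end as an added example written for this page (it is not RTI's code and not the DDS Security built-in plugins). It assumes a permissions dict in place of the CA-signed permissions file and an HMAC-SHA256 keystream in counter mode in place of aes-128-ctr; the HMAC-SHA256 message tag, per-topic keys handed out only to permitted identities, per-publisher sequence numbers for replay detection and the security event log are the parts to read. It also stands in for the fine-grained access control and encrypt/sign choices listed on the Plugin Approach slide that follows.

```python
"""Toy model of the slide's threat model, added for this page; it is not RTI's
code nor the DDS Security plugins. Assumed stand-ins: a permissions dict for
the CA-signed permissions file, and HMAC-SHA256 run in counter mode for the
aes-128-ctr keystream. The message tag is HMAC-SHA256, as on the plugin slide."""
import hashlib
import hmac
import os
import struct

TOPIC = "T"

# Constructed permissions. Identities absent from it (Eve, Trudy, Trent) hold
# no grant at all, which is how the access-control check treats an intruder.
PERMISSIONS = {
    "alice":   {"publish": {TOPIC}, "subscribe": set()},
    "bob":     {"publish": set(),   "subscribe": {TOPIC}},
    "mallory": {"publish": set(),   "subscribe": {TOPIC}},  # insider, read-only on T
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; stand-in for the aes-128-ctr keystream."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _header(msg: dict) -> bytes:
    # Topic, publisher, sequence number and nonce are all covered by the tag.
    return f"{msg['topic']}|{msg['from']}|{msg['seq']}|".encode() + msg["nonce"]


class SecureBus:
    def __init__(self):
        master = os.urandom(32)  # per-topic keys derived from a random master
        self._keys = {TOPIC: (hmac.new(master, b"enc", hashlib.sha256).digest(),
                              hmac.new(master, b"mac", hashlib.sha256).digest())}
        self._next_seq = {}   # (publisher, topic) -> next sequence number
        self._last_seq = {}   # (subscriber, topic, publisher) -> last accepted seq
        self.log = []         # what the Logging plugin would record

    def _key_for(self, who: str, topic: str, action: str):
        # Access control: the topic key only reaches identities permitted on it.
        if topic not in PERMISSIONS.get(who, {}).get(action, set()):
            self.log.append(f"DENY {who} {action} {topic}")
            raise PermissionError(f"{who} may not {action} {topic}")
        return self._keys[topic]

    def publish(self, who: str, topic: str, plaintext: bytes) -> dict:
        enc_key, mac_key = self._key_for(who, topic, "publish")
        seq = self._next_seq.get((who, topic), 0) + 1
        self._next_seq[(who, topic)] = seq
        msg = {"topic": topic, "from": who, "seq": seq, "nonce": os.urandom(16)}
        msg["ct"] = _xor(plaintext, _keystream(enc_key, msg["nonce"], len(plaintext)))
        msg["tag"] = hmac.new(mac_key, _header(msg) + msg["ct"], hashlib.sha256).digest()
        return msg

    def receive(self, who: str, msg: dict) -> bytes:
        enc_key, mac_key = self._key_for(who, msg["topic"], "subscribe")
        expected = hmac.new(mac_key, _header(msg) + msg["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):   # tampering or forgery
            self.log.append(f"BAD_TAG {who} {msg['topic']} from {msg['from']}")
            raise ValueError("tag mismatch: tampered or forged message")
        key = (who, msg["topic"], msg["from"])
        if msg["seq"] <= self._last_seq.get(key, 0):        # replay
            self.log.append(f"REPLAY {who} {msg['topic']} seq={msg['seq']}")
            raise ValueError("replayed message")
        self._last_seq[key] = msg["seq"]
        return _xor(msg["ct"], _keystream(enc_key, msg["nonce"], len(msg["ct"])))


def _rejected(attempt, exc) -> bool:
    try:
        attempt()
        return False
    except exc:
        return True


def run_threat_model() -> dict:
    """Exercise threats 1-4 with the slide's cast; True means the threat was stopped."""
    bus = SecureBus()
    msg = bus.publish("alice", TOPIC, b"valve=open")
    relayed = dict(msg)  # Trent forwards the wire message without being able to read it
    r = {"bob_reads": bus.receive("bob", relayed) == b"valve=open",
         "wire_hides_data": b"valve" not in msg["ct"]}
    r["eve_denied"] = _rejected(lambda: bus.receive("eve", msg), PermissionError)            # 1
    r["trent_denied"] = _rejected(lambda: bus.receive("trent", msg), PermissionError)        # 4
    r["trudy_denied"] = _rejected(lambda: bus.publish("trudy", TOPIC, b"x"), PermissionError)      # 2
    r["mallory_denied"] = _rejected(lambda: bus.publish("mallory", TOPIC, b"x"), PermissionError)  # 2
    r["replay_rejected"] = _rejected(lambda: bus.receive("bob", msg), ValueError)            # 3
    msg2 = bus.publish("alice", TOPIC, b"valve=open")
    tampered = dict(msg2, ct=bytes([msg2["ct"][0] ^ 0x01]) + msg2["ct"][1:])
    r["tamper_rejected"] = _rejected(lambda: bus.receive("bob", tampered), ValueError)       # 3
    forged = dict(msg2, seq=99, tag=os.urandom(32))  # Trudy has no MAC key, so she guesses
    r["forged_rejected"] = _rejected(lambda: bus.receive("bob", forged), ValueError)         # 2
    r["log"] = bus.log
    return r
```

Run `run_threat_model()` and every flag comes back True: Bob reads what Alice published, Trent relays bytes he cannot decrypt, Eve and Trent are refused the topic key, Trudy and the read-only insider Mallory cannot publish, and a replayed, tampered or forged message fails at Bob before any data is delivered, each leaving a line in the log. In the real plugins the topic key is shared only after the X.509 handshake and permissions check between each pair of participants; here the dict stands in for both steps.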
Plugin Approach
• Requires trivial or no change to existing DDS apps and adapters
• Runs over any transport
  – Including low bandwidth, unreliable
  – Does not require TCP or IP
  – Multicast for scalability, low latency
• Completely decentralized
  – High performance and scalability
  – No single point of failure
• Fine grained control
  – Which data is encrypted and/or signed
  – Access control
[Diagram: Application on top of the Secure DDS library with its plugins (Authentication, Access Control, Encryption, Data Tagging, Logging), over Any Transport (e.g., TCP, UDP, multicast, shared memory…)]
[Diagram: three nodes connected over a Network; on each, an Application sits on the Connext DDS library with its Security Plugins (Authentication, Access Control, Encryption, Data Tagging, Logging) over a Transport (e.g., TCP, UDP, multicast, shared memory)]
Standard Capabilities (Built-in Plugins)

| Plugin | Built-in capability |
|---|---|
| Authentication | X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA); Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange |
| Access Control | Configured by domain using a (shared) Governance file; specified via a permissions file signed by the shared CA; control over the ability to join systems and to read or write data topics |
| Cryptography | aes-128-ctr for encryption; HMAC-SHA256 for message authentication and integrity; aes-128-gcm, aes-192-gcm and aes-256-gcm for encryption with authentication |
| Data Tagging | Tags specify security metadata, such as classification level; can be used to determine access privileges (via plugin) |
| Logging | Log security events to a file or distribute them securely over DDS |

Note that the shared CA is the root of trust for the whole domain: it signs both participant identities and the permissions documents, so its private key and the governance/permissions files must be protected as security-critical configuration.
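Governance and permissions documents for the Access Control row, as an added example (not from the slides and not RTI's files): the element names follow the governance/permissions schema of the OMG DDS Security specification, the documents themselves are constructed for this page, and only `<id>` domain entries, publish/subscribe topic criteria and grant validity are evaluated. It places a weak governance next to a hardened one, audits each against the four threats on the threat-model slide, and evaluates a grant the way the built-in plugin does: the first matching allow or deny rule wins, otherwise the grant's default applies.

```python
"""Governance/permissions checks for the DDS Security Access Control plugin,
added for this page (not RTI's code). Element names follow the specification's
governance and permissions schema; the documents are constructed, and only <id>
domain entries, publish/subscribe topic criteria and validity are evaluated."""
import fnmatch
import xml.etree.ElementTree as ET

_GOVERNANCE = """<dds><domain_access_rules><domain_rule>
<domains><id>0</id></domains>
<allow_unauthenticated_participants>{unauth}</allow_unauthenticated_participants>
<enable_join_access_control>{join}</enable_join_access_control>
<discovery_protection_kind>{disc}</discovery_protection_kind>
<liveliness_protection_kind>{live}</liveliness_protection_kind>
<rtps_protection_kind>{rtps}</rtps_protection_kind>
<topic_access_rules><topic_rule><topic_expression>T*</topic_expression>
<enable_discovery_protection>{tdisc}</enable_discovery_protection>
<enable_read_access_control>{read}</enable_read_access_control>
<enable_write_access_control>{write}</enable_write_access_control>
<metadata_protection_kind>{meta}</metadata_protection_kind>
<data_protection_kind>{data}</data_protection_kind>
</topic_rule></topic_access_rules></domain_rule></domain_access_rules></dds>"""

# Weak: anyone may join, nothing is checked and nothing is protected.
WEAK_GOVERNANCE = _GOVERNANCE.format(unauth="true", join="false", disc="NONE", live="NONE",
    rtps="NONE", tdisc="false", read="false", write="false", meta="NONE", data="NONE")
# Hardened: authenticated join, discovery/liveliness encrypted, RTPS signed, topic data encrypted.
HARDENED_GOVERNANCE = _GOVERNANCE.format(unauth="false", join="true", disc="ENCRYPT", live="ENCRYPT",
    rtps="SIGN", tdisc="true", read="true", write="true", meta="ENCRYPT", data="ENCRYPT")

# Constructed permissions: Alice publishes T, Bob subscribes T* except Tsecret.
PERMISSIONS = """<dds><permissions>
<grant name="AliceGrant"><subject_name>CN=Alice,O=Example</subject_name>
<validity><not_before>2016-01-01T00:00:00</not_before><not_after>2026-01-01T00:00:00</not_after></validity>
<allow_rule><domains><id>0</id></domains><publish><topics><topic>T</topic></topics></publish></allow_rule>
<default>DENY</default></grant>
<grant name="BobGrant"><subject_name>CN=Bob,O=Example</subject_name>
<validity><not_before>2016-01-01T00:00:00</not_before><not_after>2026-01-01T00:00:00</not_after></validity>
<deny_rule><domains><id>0</id></domains><subscribe><topics><topic>Tsecret</topic></topics></subscribe></deny_rule>
<allow_rule><domains><id>0</id></domains><subscribe><topics><topic>T*</topic></topics></subscribe></allow_rule>
<default>DENY</default></grant>
</permissions></dds>"""


def audit_governance(xml_text: str) -> list:
    """List governance settings that reopen one of the four threats."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("domain_rule"):
        if rule.findtext("allow_unauthenticated_participants", "false") == "true":
            findings.append("unauthenticated participants allowed: an intruder can join")
        if rule.findtext("enable_join_access_control", "false") != "true":
            findings.append("join access control disabled")
        for tag in ("discovery_protection_kind", "liveliness_protection_kind", "rtps_protection_kind"):
            if rule.findtext(tag, "NONE") == "NONE":
                findings.append(f"{tag}=NONE")
        for t in rule.iter("topic_rule"):
            expr = t.findtext("topic_expression")
            if t.findtext("enable_read_access_control", "false") != "true":
                findings.append(f"{expr}: unauthorized subscription possible")
            if t.findtext("enable_write_access_control", "false") != "true":
                findings.append(f"{expr}: unauthorized publication possible")
            kind = t.findtext("data_protection_kind", "NONE")
            if kind == "NONE":
                findings.append(f"{expr}: data unencrypted, eavesdroppers and relays can read it")
            elif kind == "SIGN":
                findings.append(f"{expr}: data signed but still readable by relays")
    return findings


def is_allowed(permissions_xml: str, subject: str, domain: int, action: str, topic: str, now: str) -> bool:
    """First matching allow/deny rule wins, then the grant default; no grant means deny."""
    for grant in ET.fromstring(permissions_xml).iter("grant"):
        if grant.findtext("subject_name") != subject:
            continue
        v = grant.find("validity")            # ISO timestamps compare as strings
        if not (v.findtext("not_before") <= now <= v.findtext("not_after")):
            return False
        for rule in grant:
            if rule.tag not in ("allow_rule", "deny_rule"):
                continue
            if str(domain) not in [d.text for d in rule.iter("id")]:
                continue
            for crit in rule.findall(action):  # "publish" or "subscribe"
                if any(fnmatch.fnmatchcase(topic, t.text) for t in crit.iter("topic")):
                    return rule.tag == "allow_rule"
        return grant.findtext("default", "DENY") == "ALLOW"
    return False
```

`audit_governance(WEAK_GOVERNANCE)` returns one finding per reopened threat and an empty list for the hardened document; `is_allowed` answers the join/read/write questions from the table for a given identity, domain, topic and time, denying anything outside the grant's validity window or not covered by a rule.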
![Page 17: Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardening Techniques](https://reader035.vdocument.in/reader035/viewer/2022081517/5870be811a28ab0b4a8b68f5/html5/thumbnails/17.jpg)
rti.com/downloads
Start using DDS Today!Download the FREE complete RTI Connext DDS Pro package for Windows and Linux:
• Leading implementation of DDS• Includes C, C++, C#/.NET and Java APIs• Tools to monitor, debug, test, visualize and
prototype distributed applications and systems• Adapters to integrate with existing applications and
IT systems
©2016 Real-Time Innovations, Inc.