Four Keys to Securing Distributed Control Systems and the Industrial IoT

Your systems. Working as one. Four Keys to Securing Distributed Control Systems and the Industrial IoT David Barnett

Upload: real-time-innovations-rti

Post on 02-Jul-2015


Category:

Technology



DESCRIPTION

Four Keys to Securing Distributed Control Systems and the Industrial IoT

Originally aired November 13, 2014. View On-Demand now: http://event.on24.com/r.htm?e=879027&s=1&k=F51E9DE70EB5A3BA7A0ECB9FB2CFCB66&partnerref=rti

Control systems are at the core of critical infrastructure and industrial applications. These include the power grid, medical devices, manufacturing systems, transportation infrastructure, cars and defense systems. Because of their essential role and the value of the information they exchange, these systems must be protected from both espionage and sabotage. This is becoming even more imperative as the enabling devices are increasingly connected into the Industrial Internet of Things to improve efficiency and availability.

Securing control systems is particularly challenging because security cannot come at the expense of other fundamental requirements, including reliability, real-time performance, autonomy and interoperability.

This webinar will introduce the new Data Distribution Service (DDS) Security standard, the first standard designed to address security for mission-critical real-time systems. It will review how the DDS standard provides authentication, confidentiality and access control while still satisfying demanding reliability and performance requirements. It will also show how DDS Security can be easily incorporated into existing systems regardless of whether or not they already use DDS.

Speaker: David Barnett, Vice President of Products and Markets

TRANSCRIPT

Your systems. Working as one.

Four Keys to Securing Distributed Control Systems and the Industrial IoT

David Barnett

Agenda

• Industrial Internet of Things

• Four Keys to IIoT Security

• Data Distribution Service

• Example: Securing the Power Grid

• Next Steps

• Q&A

2014-Nov-13 2© 2014 RTI

Industrial Internet of Things (IIoT)


IIoT Systems Are Distributed

[Diagram labels: Sensors; Actuators; Streaming Analytics & Control; HMI/UI; IT, Cloud & SoS Connectivity]

[Diagram: example of a distributed IIoT system. Labels: Intelligent Machines, Intelligent Systems, Intelligent System of Systems, Intelligent Industrial Internet; Cloud, Enterprise LAN, Unit LAN Segment, Unit DataBus; Sense, Act, Think, HMI (intra-machine)]

IIoT Unique Requirements

• Real-time performance

• Safety

• Security


Four Keys to Securing the IIoT

#1: Decentralized Architecture

Consumer Internet of Things: Centralized, Hub and Spoke

Information Technology Systems: Premises or Cloud

Consumer IoT and Traditional IT

• Limited scalability and performance
– Intermediary = poor latency and determinism
– Centralized broker/server is bottleneck and choke point
– Expensive to scale: need more servers
– Capacity constrained by individual links and switch ports

• Poor robustness
– Single point of failure/failover
– Tied to server maintenance and failures
– Single point of vulnerability

• Lessens capabilities and utility
– Single centralized “brain”
– No autonomy or intelligence at the edge

• Centralized ESB, Message Broker or Server

• E.g.: MQTT, XMPP, AMQP, CoAP, Web Services

IIoT Needs Analytics & Control at the Edge

• Lower latency control for faster response

• Highly resilient, no single point of failure

• Analyze orders of magnitude more data

IT/Cloud


#2: Access Control

Can’t Rely on Physical Security or Limited Access

[Diagram labels: Cloud, Enterprise LAN, Unit LAN Segment, Unit DataBus; Sense, Act, Think, HMI (intra-machine)]

Q4 2013 Reported Cyber Incidents to U.S. Critical Infrastructure

http://ics-cert.us-cert.gov/monitors/ICS-MM201312


Threats

• Alice: Allowed to publish topic T
• Bob: Allowed to subscribe to topic T
• Eve: Non-authorized eavesdropper
• Trudy: Intruder
• Trent: Trusted infrastructure service
• Mallory: Malicious insider

1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services

#3: No Dependence on TCP or Transport Layer Security

Problems with TCP and IP

• TCP
– No control over latency
– No multicast: inefficient one-to-many and many-to-many communication
– Requires reliable network with reasonable bandwidth

• IP can also be inefficient…
– Over very low bandwidth networks (e.g., satellite)
– Over high speed interconnects (e.g., shared memory and RDMA)

Transport Layer Security (TLS/SSL)

1. Authenticate

– Verify identity

2. Securely exchange cryptographic keys

3. Use keys to:

– Encrypt data

– Add a message authentication code

[Diagram labels: App 1, App 2]

Limitations of Transport Security: No Inherent Access Control

• You’re authenticated or you’re not

• Less an issue for centralized systems

– E.g.: non-real-time IT and consumer IoT systems

– Broker centrally manages access control

[Diagram labels: Device (×3), App (×3), Message Broker]

• Poor performance and scalability

• Single point of failure/failover


Limitations of Transport Security: Overall Poor Performance and Scalability

• No multicast support (even with DTLS over UDP)
– Broad data distribution is very inefficient
• Usually runs over TCP: poor latency and jitter
• Requires a network robust enough to support IP and TCP
• All data treated as reliable
– Even fast changing data that could be “best effort”
• Always encrypts all data, metadata and protocol headers
– Even if some data does not have to be private
• Security is at a very gross level

#4: Interoperability (Open Architecture)

Need for Interoperability

• IIoT systems typically composed of components from many suppliers

• IIoT systems have long lifecycles

– Interoperability enables modularity

Traditional Approach


• Hard coded connections

• Up to O(n²)

• Complex

• Hard to maintain, evolve, re-use

E.g., sockets, RPC


Result

[Graph: time and cost of integration, maintenance and upgrades versus system scale and age, growing as O(n²)]

Solution: Modularity


Key: Interoperability

Well-defined:

• Interfaces

• Semantics


Data Distribution Service

Designed for the Industrial Internet of Things

For loose coupling, provides:
• Discovery
• Routing
• High-availability
• QoS enforcement
• Well-defined interfaces
• Standard interoperability protocol

DDS Standard

• Interoperability and portability

– Data model specification and discovery

– Network protocol

– Programming interface

• Managed by Object Management Group (OMG)

[Diagram: DDS implementation with a standard API and data model (cross-vendor source portability) and a standard protocol (cross-vendor interoperability)]

Peer-to-Peer Communication

• Completely decentralized

• No intermediate servers, message brokers or ESB

• Low latency

• High scalability

• No single point of failure

[Diagram: two apps or components, each using a DDS library through the DDS API, communicating over the DDS-RTPS Wire Interoperability Protocol]

Easy Integration of Existing Components

[Diagram: new and updated applications (app or component with a DDS library, via the DDS API) and existing, unmodified applications (each behind a DDS Routing Service adapter, speaking DDS or another protocol), all on the DDS-RTPS Wire Interoperability Protocol]

Seamless Sensor-to-Cloud Connectivity: Connect Everything, Everywhere

Seamless data sharing regardless of:
• Proximity
• Platform
• Language
• Physical network
• Transport protocol
• Network topology

Example: RTI Connext Availability

• Programming languages and environments
– C, C++, C#/.NET, Java, Ada
– Lua, Python
– LabVIEW, MATLAB, Simulink, UML
– REST/HTTP

• Operating systems
– Windows, Linux, Unix, Mac OS
– Mobile
– Embedded, real time
– Safety critical, partitioned

• Processor families
– x86, ARM, PowerPC…
– 32- and 64-bit

• Transport types
– Shared memory
– LAN (incl. multicast)
– WAN / Internet
– Wireless
– Low bandwidth

Foundation: Publish/Subscribe

[Diagram: publish/subscribe over the Data Distribution Service. Labels: Sensor (×2), Sensor Data (×2), Control App, Commands, Actuator, Display App]

Support for Mission-Critical Systems

• Autonomous operation
– Automatic discovery
– No sys admin or centralized infrastructure

• Non-stop: no single point of failure

• QoS control and visibility into real-time behavior, system health

• Embeddable

• Proven in 100,000s of deployed devices


DDS Security

• Security extensions to DDS standard
• Requires trivial or no change to existing DDS apps and adapters
• Runs over any transport
– Including low bandwidth, unreliable
– Does not require TCP or IP
– Multicast for scalability, low latency
• Plugin architecture
– Built-in defaults
– Customizable via standard API
• Completely decentralized
– High performance and scalability
– No single point of failure

[Diagram: Application on a Secure DDS library with Authentication, Access Control, Encryption, Data Tagging and Logging, running over any transport (e.g., TCP, UDP, multicast, shared memory, satellite)]

Standard Capabilities

Authentication
• X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
• Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange

Access Control
• Specified via permissions file signed by shared CA
• Control over ability to join systems, read or write data topics

Cryptography
• Protected key distribution
• AES128 and AES256 for encryption
• HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity

Data Tagging
• Tags specify security metadata, such as classification level
• Can be used to determine access privileges (via plugin)

Logging
• Log security events to a file or distribute securely over Connext DDS

Protections

Protected Objects
• Domain (by domain_id)
• Topic (by Topic name)
• DataObjects (by Instance/Key)

Protected Operations
• Domain.join
• Topic.create
• Topic.read (includes QoS)
• Topic.write (includes QoS)
• Data.createInstance
• Data.writeInstance
• Data.deleteInstance
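The per-topic write permission and HMAC-SHA256 message authentication listed above, applied to threats 2 and 3 from the Threats slide (unauthorized publication, tampering and replay), as an added example that is not from the deck or from RTI's code. It is a simplified Python model, not the DDS Security wire format or API: the permissions table, keys, payloads, function names and the sequence-number replay check are assumptions made for illustration, and the sample is signed only, so it does not cover confidentiality.

```python
import hashlib
import hmac

# Constructed permissions; (operation, object) pairs use the slide's
# "Protected Operations" names. Subjects, keys and payloads are hypothetical.
PERMISSIONS = {
    "alice": {("Domain.join", 0), ("Topic.write", "T")},
    "bob": {("Domain.join", 0), ("Topic.read", "T")},
}

def allowed(subject, operation, obj):
    return (operation, obj) in PERMISSIONS.get(subject, set())

def mac(key, writer, topic, seq, payload):
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = [writer.encode(), topic.encode(), str(seq).encode(), payload]
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def publish(key, writer, topic, seq, payload):  # sign only, payload in clear
    return {"writer": writer, "topic": topic, "seq": seq,
            "payload": payload, "tag": mac(key, writer, topic, seq, payload)}

class Reader:
    def __init__(self, writer_keys):
        self.writer_keys = writer_keys  # stands in for protected key distribution
        self.last_seq = {}  # highest sequence number accepted per (writer, topic)

    def receive(self, msg):
        writer, topic, seq = msg["writer"], msg["topic"], msg["seq"]
        if not allowed(writer, "Topic.write", topic):
            return "reject: unauthorized publication"
        key = self.writer_keys.get(writer)
        if key is None or not hmac.compare_digest(
                mac(key, writer, topic, seq, msg["payload"]), msg["tag"]):
            return "reject: tampered or forged"
        if seq <= self.last_seq.get((writer, topic), 0):  # assumed replay check
            return "reject: replay"
        self.last_seq[(writer, topic)] = seq
        return "accept"

def run_demo():
    keys = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
    reader = Reader(keys)
    good = publish(keys["alice"], "alice", "T", 1, b"breaker=open")
    tampered = dict(good, seq=2, payload=b"breaker=closed")
    forged = publish(b"trudy-guess", "alice", "T", 3, b"breaker=closed")
    by_bob = publish(keys["bob"], "bob", "T", 1, b"breaker=closed")
    return [reader.receive(m) for m in (good, good, tampered, forged, by_bob)]
```

`run_demo()` feeds the reader one valid sample from Alice, the same sample again, a modified copy, a sample signed with a guessed key, and a sample written by Bob, who holds only read permission on T.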


Control over Encryption

• Scope

– Discovery data

– Metadata

– Data

• For each:

– Encrypt

– Sign

• Optimizes performance by only encrypting data that must be private


Example Domain Governance


Example Permissions


DDS Security Status

• Standard adopted March 2014

• Considered “Beta” for 1 year

• RTI chairing Finalization Task Force

• Available now from RTI


Security Example: Power Grid

In Partnership with PNNL

Data Security Requirements

Columns: Data Item, Authentication, Access Control, Integrity, Non-repudiation, Confidentiality

Control traffic: X X X X X

Data Telemetry traffic: X X

Physical Security Data: X X X

Engineering maintenance: X

Source: www.sxc.hu


Test Environment

• Real World Environment
– Transmission switching substation
– Real substation equipment

• PNNL powerNET Testbed
– Remote connectivity
– Local control room demonstration environment
– Dynamically reconfigurable

SCADA Equipment Setup

[Diagram labels: Control Station with DNP3 Master Device; Transmission Substation with DNP3 Slave Device]

RTI and PNNL Grid Security Retrofit

[Diagram labels: DNP3 Slave Device (×2); DNP3 over RS232/485; DNP3 over Ethernet; DNP3 over DDS; RTI Routing Service ComProcessor (×2); RTI Routing Service Gateway (×2); DDS LAN (×2); IP Router (×2); DDS over WAN; Secure DDS over UDP; Attack Detector; Anomaly Detector; Scada Converter; Display; Effective DNP3 connection]

Details at http://blogs.rti.com

About RTI

• Market Leader
– 1,000+ projects use Connext DDS
– Over 70% DDS middleware market share [1]
– Largest embedded middleware vendor [2]
– 2013 Gartner Cool Vendor for technology and Open Community Source model

• Standards Leader
– Active in 15 standards efforts
– DDS authors, chair, wire spec, security, more
– IIC steering committee; OMG board

• Team Quality Leader
– Stanford research pedigree
– High-performance, control, systems experts
– Top quality product, processes, execution

[1] Embedded Market Forecasters
[2] VDC Analyst Report

IIoT Infrastructure Trusts RTI

• World’s largest Wind Power company
• World’s largest Underground Mining Equipment company
• World’s largest Navy (all surface ships)
• World’s largest Automotive company
• World’s largest Emergency Medical System company
• World’s largest Medical Imaging provider
• World’s 2nd largest Patient Monitoring manufacturer
• World’s 2nd largest Air Traffic control system
• World’s largest Broadcast Video Equipment manufacturer
• World’s largest Launch Control System
• World’s largest Telescope (under construction)
• World’s 5th-largest Oil & Gas company
• World’s 6th-largest power plant (largest in US)
• All of world’s top ten defense companies

RTI designed into over $1 trillion


RTI Named Most Influential IIoT Company


Four Keys to Securing the IIoT

• Decentralized architecture

• Access control

• No dependence on TCP or Transport Security

• Interoperability (Open Architecture)

Next Steps – Learn More

• Contact RTI
– Demo, Q&A

• Download software
– www.rti.com/downloads
– Free trial with comprehensive tutorial
– RTI Shapes Demo

• Watch videos & webinars, read whitepapers
– www.rti.com/resources
– www.youtube.com/realtimeinnovations

www.rti.com

community.rti.com

demo.rti.com

www.youtube.com/realtimeinnovations

blogs.rti.com

www.twitter.com/RealTimeInnov

www.facebook.com/RTIsoftware

dds.omg.org

www.omg.org

www.slideshare.net/GerardoPardo

www.slideshare.net/RealTimeInnovations