
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework


Originally presented on January 17, 2017

  1. Introduction to the Industrial Internet Security Framework
     Stan Schneider, Ph.D., RTI CEO, IIC Steering Committee
     Hamed Soroush, Ph.D., RTI Senior Research Security Engineer, IIC Security WG Co-Chair
  2. ©2016 Real-Time Innovations, Inc. Permission to distribute granted.
     "The smart machine era will be the most disruptive in the history of IT" -- Gartner
  3. The IIoT Disruption
     The real value is a common architecture that connects sensor to cloud, interoperates between vendors, and spans industries.
     "You don’t compete against competitors. You compete against market transitions." – John Chambers
  4. Safe & Secure Apps in the IIoT
     • RTI experience: 1000+ projects
     • Safety and Security critical to most
     • Requirements surprisingly similar across industries
  5. Security is not a change driver. Security is a change gate. IIoT is the change driver.
  6. Change Driver: Central Generation Fails
     The Grid must be Distributed
  7. Change Gate: DER Grid will be Secure
     • The OpenFMB (Field Message Bus) architecture integrates solar, wind, and storage into the grid
     • Dozens of vendors, several utilities, and standards organizations are building devices, user interfaces, and analytics
     • OpenFMB uses DDS for secure communications
  8. Change Driver: Mistakes Kill
     Hospital error is the 3rd leading cause of death in the US
  9. Change Gate: New IIoT Architecture is Secure
     "GE Healthcare is leveraging the GE Digital Predix architecture to connect medical devices, cloud-based analytics, and mobile and wearable instruments. The future communication fabric of its monitoring technology is based on RTI's data-centric Connext DDS platform." -- Matt Grubis, Chief Engineer, GE Healthcare's Life Care Solutions
  10. Change Driver: Getting There is Dangerous and Slow
  11. Change Gate: Why Drive?
     • Autonomous cars (“carbots”)
       – Safer, faster, easier
       – Change everything
     • 30% of all jobs will end or change
     • Distributed carbot/city infrastructure will be secure
  12. Change is Not Easy
     [Diagram: autonomous-vehicle software architecture (sensing with cameras, LIDAR and radar; vision fusion; data fusion; situation awareness and situation analysis; planning; localization; navigation; vehicle control; error management; logging; visualization; traffic maps; cloud services) connected over a DDS Secure Databus]
     Cars now Compete on Software
  13. The Real Disruption: Culture
     “If you went to bed last night as an industrial company, you’re going to wake up this morning as a software and analytics company” -- Jeff Immelt, GE CEO
  14. The Future of Secure, Distributed Software
     “If you went to bed last night as a software and analytics company, you’re going to wake up this morning as a networking and security company” -- Stan Schneider
  15. The IISF
     • Major contribution
     • Only wide voice on security for IIoT
     • First of 3 releases from IIC in the next few months!
     • Challenge: make it practical
  16. IISF Table of Contents
     • Introduction
       – Overview
       – Motivation
       – Key System Characteristics for Enabling Trustworthiness
       – Distinguishing Aspects of Securing the IIoT
  17. IISF Table of Contents (cont.)
     • Business Viewpoint
       – Managing Risk
       – Permeation of Trust in the IIoT System Lifecycle
  18. IISF Table of Contents (cont.)
     • Functional & Implementation Viewpoints
       – Functional Viewpoint
       – Protecting Endpoints
       – Protecting Communications & Connectivity
       – Security Monitoring & Analysis
       – Security Configuration & Management
     • Looking Ahead: The Future of the IIoT
  19. IISF on Trustworthiness
  20. Permeation of Trust
  21. Security Building Blocks
  22. Endpoint Security Functions
  23. Communications & Connectivity Security Functions
  24. Security Monitoring & Analysis Functions
  25. Security Configuration & Management Functions
  26. Deeper Look at Protecting Communications & Connectivity
  27. Communications & Connectivity Layers
  28. Connectivity Standards & Security
     • Requirements for Core Connectivity Technology:
       – Be an open standard with strong independent, international governance, such as IEEE, IETF, OASIS, OMG, or W3C
       – Be horizontal and neutral in its applicability across industries
       – Be applicable, stable, and proven across multiple industries
       – Have standard-defined gateways to all other connectivity standards
  29. Building Blocks for Protecting Exchanged Content
     • Explicit Endpoint Communication Policies
     • Cryptographically Strong Mutual Authentication Between Endpoints
     • Authorization Mechanism for Enforcing Access Control Rules from Policy
     • Cryptographically Backed Mechanisms for Ensuring Confidentiality, Integrity, and Freshness of Exchanged Information
  30. Examples
  31. Information Flow Protection
     • Network Segmentation
     • Gateways & Filtering
       – Layer 2, Layer 3/4, Application/Middleware, Message rewriting, Proxies, Server Replication
     • Network Firewalls
     • Unidirectional Gateways
     • Network Access Control
  32. Closing Remarks
  33. Security is Wide and Deep
  34. Practical Security Needs Many Layers
     • System edge
     • Host
       – Machine/OS/Applications/Files
     • Network transport
       – Media access (layer 2)
       – Network (layer 3)
       – Session/Endpoint (layer 4/5)
     • Dataflow
       – Control application interaction
     Secure systems need all four
  35. Systems are About the Data
     Data Centricity Definition:
       a) The interface is the data.
       b) The infrastructure understands that data.
       c) The system manages the data and imposes rules on how applications exchange data.
     [Diagram: a database provides data-centric storage and search of old data; a databus provides data-centric sharing and filtering of future data; both contrasted with message-centric, remote-object and SOA application-to-application exchange]
  36. Practical Security Must Match Architecture
     • DDS Databus controls dataflow
     • DDS Security secures dataflow
       – Control r,w access to each data item for each function
     • Complete Protection
       – Discovery authentication
       – Data-centric access control
       – Cryptography
       – Tagging & logging
       – Non-repudiation
       – Secure multicast
     • No API. No code changes.
     • Plugin architecture for advanced uses
     Topic Security model (functions PMU, CBM, Control, Operator; topics State, Alarms, SetPoint):
       • PMU: State(w)
       • CBM: State(r); Alarms(w)
       • Control: State(r), SetPoint(w)
       • Operator: *(r), SetPoint(w)
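The topic security model on slide 36, worked through as an added example (constructed here; not RTI's code and not the DDS Security plugin's implementation): a default-deny, per-topic read/write check for the slide's functions and topics, with the Operator's `*` read grant expanded and a denial log for the "tagging & logging" side. Default deny, the wildcard handling and the audit list are this example's assumptions.

```python
"""Data-centric access control, as on the slide's topic security model.

Constructed example (not RTI's or the DDS Security plugin's code).
Participants and topics are the slide's; default deny, the wildcard
expansion and the denial audit log are this example's assumptions.
"""
from dataclasses import dataclass, field

TOPICS = ("State", "Alarms", "SetPoint")

# Policy from the slide: participant -> {topic: permitted operations}.
# "*" is a wildcard topic; r = read (subscribe), w = write (publish).
POLICY = {
    "PMU": {"State": {"w"}},
    "CBM": {"State": {"r"}, "Alarms": {"w"}},
    "Control": {"State": {"r"}, "SetPoint": {"w"}},
    "Operator": {"*": {"r"}, "SetPoint": {"w"}},
}


@dataclass
class Databus:
    """Middleware-side policy decision point with an audit trail."""
    policy: dict
    denied: list = field(default_factory=list)

    def is_allowed(self, participant: str, topic: str, op: str) -> bool:
        # Default deny: an unknown participant or topic has no grants.
        rules = self.policy.get(participant, {})
        ops = rules.get(topic, set()) | rules.get("*", set())
        return op in ops

    def check(self, participant: str, topic: str, op: str) -> bool:
        """Enforce and log: denied attempts feed security monitoring."""
        ok = self.is_allowed(participant, topic, op)
        if not ok:
            self.denied.append((participant, topic, op))
        return ok

    def matrix(self) -> dict:
        """Effective permissions per participant, wildcard expanded."""
        return {p: {t: "".join(o for o in "rw" if self.is_allowed(p, t, o))
                    for t in TOPICS} for p in self.policy}


if __name__ == "__main__":
    bus = Databus(POLICY)
    for participant, perms in bus.matrix().items():
        print(f"{participant:9} {perms}")
    bus.check("CBM", "SetPoint", "w")  # a CBM function must not command
    print("denied:", bus.denied)
```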
  37. Practical Security Combines Protection and Detection
  38. Practical Security is a Culture
  39. IIC Testbeds!
     • IIC has by far the industry’s most comprehensive testbed program
     • Key goals
       - Ensure practical guidance
       - Make impact
       - Span the industry
     ©2016 OMG. Permission to distribute granted.
  40. Security Claims Evaluation Testbed
     • IIC Sponsor Companies
       - Xilinx
       - Underwriters Laboratories (UL)
       - Aicas
     • Collaborating Companies
       - Algotronix, EYETech, iVeia, JUXT, PFP Cybersecurity, RTI, SOC-e
     [Diagram: endpoint with a DDS stack; marked "For Public Release"]
  41. "The smart machine era will be the most disruptive in the history of IT" -- Gartner. But only if it’s secure!
  42. Audience Q & A
     Dr. Stan Schneider, Chief Executive Officer, RTI
     Hamed Soroush, Senior Research Security Engineer, RTI
  43. Thanks for joining us
     Event archive available at:
     E-mail us at: