© 2017 Wind River. All Rights Reserved.
Secure Device Management for the Industrial Internet of Things
Emeka Nwafor
Senior Director, Products and Ecosystem, IoT Cloud
CLOUD COMPUTING
§ On-demand self-service
§ Scale economics and flexible pricing
§ Ubiquitous network access
§ Rapid elasticity
§ Resource pooling
(DE-)CENTRALIZATION
§ Mainframe: centralized, 1960-1970
§ Client-Server: distributed, 1980-2000
§ Mobile-Cloud: centralized, 2005-2020
§ IoT: distributed, 2020-
DIGITAL TRANSFORMATION – DEFINITION
The use of technology to radically improve performance or reach of enterprises
DIGITAL TRANSFORMATION
Business Drivers
§ New approach for business strategy
§ Increased efficiency, safety, resource sustainability
§ Need for smart maintenance approaches
Factory Automation: complexity
Transportation: revenue and profitability
Challenges
Technical:
§ Security and Trust
§ Interoperability
§ Integration of OT / IT
§ Data Analytics
§ Solution Scalability
Business:
§ Cost / Budget
§ Security
§ Lack of Solutions
Security threats are real.
The Mirai IoT botnet DDoS attacks compromised 500,000 devices worldwide.
The Internet of Things is broadly understood as a simple topology of cloud connected intelligent devices on a network.
For decades many of these “Smart Things” were secured by their physical context, network air gaps, or no network connectivity at all.
To enjoy the benefits of IoT, these existing systems must be connected.
Newer devices intended for similar systems will be connected from day one.
The emergence of Fog architectures complicates the IoT topology: it brings data-center-like compute and storage much closer to the edge and accelerates the adoption of IT-style virtualization in the OT domain.
Each node in the topology represents one or more attack vectors and security depends on a comprehensive approach that minimizes the attack surface of a given system.
SECURE DEVICES
SECURE DEVICE INTERCONNECTIVITY
SECURE NETWORK
SECURE DATACENTER
SECURE DEVICE MANAGEMENT
SECURE SYSTEM
Whether you are implementing a single standalone device or an end-to-end system, the device is the foundational component.
Software runs on diverse hardware, all of which must be secured:
§ Microcontroller platforms
§ Embedded processors
§ Ruggedized PCs
§ Industrial servers
§ Mobile phones
§ Tablets/Laptops/Desktops
§ Network blades
§ Data center servers
In the Software Defined World, security begins with devices.
Interconnection between devices forms the Data Plane.
§ Upstream communication to accomplish the system’s mission
§ Downstream communication to accomplish the system’s mission
§ What needs to be communicated?
§ Includes attributes:
– Quality of Service (QoS), Latency, Bandwidth, Resiliency, Confidentiality, Integrity
Devices communicate: secure the communications.
Configuration of device functions, connections, and communications forms the Control Plane.
§ Control Plane interfaces can be in-band or out-of-band
– In-band: communication shared with the Data Plane
– Out-of-band: communication independent from the Data Plane
§ The Control Plane establishes the resources needed to implement the Data Plane
If a device cannot be updated, the device is not secure.
Monitoring and coordination of systems and subsystems forms the Management Plane.
§ The Management Plane orchestrates the Control Plane to achieve system objectives
– Resiliency, Connectivity, QoS, Availability, Integrity, Confidentiality, Latency, Bandwidth, Locality
Wind River Helix is our comprehensive portfolio of software solutions for addressing the system-level challenges and opportunities of IoT.
CLOUD
§ Hundreds
§ Hosting IoT Analytics
§ Cloud Scale
§ General Purpose Compute
CORE NETWORK
§ Thousands
§ Backhaul
§ IP/MPLS, Security, Multicast
§ Quality of Service
CUSTOMER PREMISE
FOG NETWORK
§ Tens of Thousands
§ Multi-Service Edge
§ 3G/4G/LTE/5G
§ WiFi, RF Mesh, PLC
DEVICES
§ Tens of Millions, Growing to Billions
§ Embedded Systems
§ Sensors
§ Low Power, low bandwidth
Wind River Helix: Securing a typical Software Defined Industrial System
SECURE COMMUNICATIONS
SECURE DEVICES
SECURE NETWORK
MANAGEMENT AND MONITORING
IoT Device Lifecycle Management
Connect – Operate – Protect
Deploy
• Provisioning
• Authentication
• Security
Monitor
• Health and status
• Alerts
• Notifications
Service
• Run commands
• Get log files
• Remote access
Manage
• Properties
• Change tracking
Update
• Deliver files
• Execute updates
• Track status
Decommission
• Agent deactivation
• Factory reset
• Recycling
Wind River Helix Device Cloud
Security Capabilities
SECURE CONNECTIVITY between devices, the Service Cloud, and Enterprise IT systems (ERP, CRM)
Confidentiality and Integrity:
§ Encrypted Communication
§ Secure Device SDK
§ Role-based Access
§ Mutual Authentication
§ Multi-tenant, separated
§ File integrity checking
§ Signed update packages
§ Security monitoring
§ Anti-spoofing
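The lifecycle's Update step (deliver files, execute updates) and the "Signed update packages" and "File integrity checking" capabilities listed above come down to one check a device must perform before it executes anything it has been sent. The following is an added example written for this page, not Helix Device Cloud code. It assumes a constructed package format: a JSON manifest holding a version number and a SHA-256 digest per delivered file, tagged with HMAC-SHA256 under a constructed key named SIGNING_KEY. A production device would hold only the public half of an asymmetric key (Ed25519 or similar), provisioned at the Deploy step, rather than a shared secret; the order of checks is the same either way.

```python
import hashlib
import hmac
import json

# Constructed sample key for this example only; a real device would hold a
# public verification key provisioned at the Deploy step, never a shared secret.
SIGNING_KEY = b"example-update-signing-key-not-for-production"

# Constructed sample payload standing in for the files an update delivers.
SAMPLE_FILES = {
    "app.bin": b"\x7fELF constructed firmware image",
    "config.json": b'{"log_level": "info"}',
}


def _canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_update(version: int, files: dict, key: bytes) -> bytes:
    """Update-service side: hash every delivered file and sign the manifest."""
    manifest = {
        "version": version,
        "files": {name: hashlib.sha256(data).hexdigest() for name, data in files.items()},
    }
    body = _canonical(manifest)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"manifest": body.decode(), "sig": tag}).encode()


def verify_update(signed_manifest: bytes, files: dict, installed_version: int, key: bytes) -> tuple:
    """Device side: signature first, then anti-rollback, then per-file integrity.

    Returns (ok, reason); the update is executed only when ok is True.
    """
    try:
        envelope = json.loads(signed_manifest)
        body = envelope["manifest"].encode()
        tag = str(envelope["sig"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed package"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison: a forged tag must not be guessable byte by byte.
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    manifest = json.loads(body)
    # Anti-rollback: an older, vulnerable image still carries a valid signature.
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"
    # The delivered file set must match the manifest exactly: no extra files,
    # no missing files, and every digest must agree with what was signed.
    if set(files) != set(manifest["files"]):
        return False, "file set mismatch"
    for name, digest in sorted(manifest["files"].items()):
        if not hmac.compare_digest(hashlib.sha256(files[name]).hexdigest(), digest):
            return False, "integrity failure: " + name
    return True, "ok"


if __name__ == "__main__":
    package = sign_update(2, SAMPLE_FILES, SIGNING_KEY)
    print(verify_update(package, SAMPLE_FILES, 1, SIGNING_KEY))  # (True, 'ok')
    tampered = dict(SAMPLE_FILES, **{"app.bin": b"modified in transit"})
    print(verify_update(package, tampered, 1, SIGNING_KEY))  # (False, 'integrity failure: app.bin')
```

The signature is checked before any other field of the manifest is trusted, so a malformed or forged package is rejected without parsing attacker-controlled content further. The version check exists because a correctly signed but older image stays validly signed forever; without it, "Execute updates" could be used to reinstall a known-vulnerable release. Requiring the delivered file set to match the manifest exactly is what turns a per-file digest list into file integrity checking for the package as a whole.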
Call to Action
Contact us to learn more about Wind River Helix and our solutions for the Industrial Internet of Things.