Secure Device Management for the Industrial …...© 2017 Wind River. All Rights Reserved. Secure Device Management for the Industrial Internet of Things EmekaNwafor Senior Director,

© 2017 Wind River. All Rights Reserved.

Secure Device Management for the Industrial Internet of ThingsEmeka Nwafor

SeniorDirector,ProductsandEcosystemIoT Cloud

2 © 2016 Wind River. All Rights Reserved.

2

ON-DEMAND SELF-SERVICE

SCALE ECONOMICS & FLEXIBLE PRICING

UBIQUITOUS NETWORK ACCESS

RAPID ELASTICITY

RESOURCE POOLING

CLOUD COMPUTING

3 © 2016 Wind River. All Rights Reserved.An Intel Company

© 2017 Wind River. All Rights Reserved.3

(DE-)CENTRALIZATION

MainframeCentralized1960-1970

Mobile-CloudCentralized2005-2020

Client-ServerDistributed1980-2000

IoTDistributed

2020-


DIGITAL TRANSFORMATION – DEFINITION

The use of technology to radically improve performance or reach of enterprises

4 © 2017 WIND RIVER. ALL RIGHTS RESERVED.



DIGITAL TRANSFORMATION

Business Drivers§ Newapproachforbusinessstrategy

§ Increasedefficiency,safety,resourcesustainability

§ Needforsmartmaintenanceapproaches


Factory Automation

Complexity


Transportation

Revenue & Profitability


Challenges

Technical Business

Security and Trust

Interoperability

Integration of OT / IT

Data Analytics

Solution Scalability

Cost Budget

Security

Lack of Solutions

An Intel Company© 2017 Wind River. All Rights Reserved.8


Security threats are real.

The Mirai IoT BotNet DDOS Attacks compromised500,000 devices worldwide


The Internet of Things is broadly understood as a simple topology of cloud connected intelligent devices on a network.



For decades many of these “Smart Things” were secured by their physical context, network air gaps, or no network connectivity at all.

To enjoy the benefits of IoT, these existing systems must be connected.

Newer devices intended for similar systems will be connected from day one.


12 © 2016 Wind River. All Rights Reserved.© 2017 Wind River. All Rights Reserved.12An Intel Company

The emergence of Fog architectures complicates the IoT topology, bringing data-center like compute and storage, much closer to the edge and accelerating the adoption of IT-like virtualization in the OT domain.


Each node in the topology represents one or more attack vectors and security depends on a comprehensive approach that minimizes the attack surface of a given system.

SECURE DEVICES

SECURE DEVICE INTERCONNECTIVITY

SECURE NETWORK

SECURE DATACENTER

SECURE DEVICE MANAGEMENT

SECURE SYSTEM


Whether you are implementing a single standalone device or an end-to-end system,the device is the foundational component.

Software runs on diverse hardwareall of which must be secured:§ Microcontroller platforms§ Embedded processors§ Ruggedized PCs§ Industrial servers§ Mobile phones§ Tablets/Laptops/Desktops§ Network blades§ Data center servers

In the Software Defined World, security begins with devices.



Interconnection between devices forms the Data Plane.

§ Upstream communication to accomplish the system’s mission

§ Downstream communication to accomplish the system’s mission

§ What needs to be communicated?§ Includes attributes:

– QualityofService(QoS),Latency,Bandwidth,Resiliency,Confidentiality,Integrity

Devices communicate:Secure the communications.



Configuration of device functions, connections, and communications forms the Control Plane.

§ Control Plane interfaces can be in-band or out-of-band– In-band:

Communication shared with the Data Plane– Out-of-band:

Communication independent from Data Plane§ The Control Plane establishes the resources

needed to implement the Data Plane

If a device cannot be updated,the device is not secure.



Monitoring and coordination of systems and subsystems forms the Management Plane.

§ The management plane orchestrates the Control Plane to achieve system objectives– Resiliency, Connectivity, QoS, Availability,

Integrity, Confidentiality, Latency, Bandwidth, Locality

If a device cannot be updated,the device is not secure.



Wind River Helix is our comprehensive portfolio of software solutions for addressing the system-level challenges and opportunities of IoT

CUSTOMERPREMISE

CLOUD

DEVICES

CORE NETWORK

§ Hundreds§ Hosting IoT Analytics§ Cloud Scale § General Purpose Compute

§ Thousands§ Backhaul§ IP/MPLS, Security, Multicast§ Quality of Service

§ Tens of Thousands§ Multi-Service Edge§ 3G/4G/LTE/5G§ WiFi, RF Mesh, PLC

FOGNETWORK

§ Tens of Millions, Growing to Billions§ Embedded Systems§ Sensors§ Low Power, low bandwidth


Wind River Helix: Securinga typical Software DefinedIndustrial System

SECURE COMMUNICATIONS

SECURE DEVICES

SECURENETWORK

MANAGEMENT AND MONITORING


IoT Device Lifecycle ManagementConnect – Operate – Protect

Deploy• Provisioning• Authentication• Security

Monitor• Health and status• Alerts• Notifications

Service• Run commands• Get log files• Remote access

Manage• Properties• Change tracking

Update• Deliver files• Execute updates• Track status

Decommission• Agent deactivation• Factory reset• Recycling


Wind River Helix Device CloudSecurity Capabilities

SECURE CONNECTIVITY

ERP

CRM

SERVICECLOUD

ENTERPRISE IT

Confidentiality Integrity

Encrypted Communication

Secure Device SDK

Role-based Access

Mutual Authentication

Multi-tenant, separated

File integrity checking

Signed update packages

Security monitoring

Anti-spoofing

An Intel Company© 2017 Wind River. All Rights Reserved.

Call to ActionContact us to learn more about Wind River Helix and our solutions for the Industrial Internet of Things

[email protected]

Documents

Secure Device Management for the Industrial …...© 2017 Wind River. All Rights Reserved. Secure Device Management for the Industrial Internet of Things EmekaNwafor Senior Director,