Welcome to the Industrial Internet Security Forum

Stan Schneider, PhD. RTI CEO, IIC Steering Committee

Security for the Industrial IoT · •RTI experience 1000+ projects •Safety and Security critical to most •Requirements surprisingly similar across industries ©2015 Real-Time


©2016 Real-Time Innovations, Inc. Permission to distribute granted.

The smart machine era will be the most disruptive in the history of IT

-- Gartner


The IIoT Disruption

The real value is a common architecture that connects sensor to cloud, interoperates between vendors, and spans industries

You don’t compete against competitors. You compete against market transitions.

– John Chambers

©2015 Real-Time Innovations, Inc.


Safe & Secure Apps in the IIoT

• RTI experience 1000+ projects
• Safety and Security critical to most
• Requirements surprisingly similar across industries

Security is not a change driver

Security is a change gate

IIoT is the change driver


Change Driver: Central Generation Fails

The Grid must be Distributed

Change Gate: DER Grid will be Secure

• The OpenFMB (Field Message Bus) architecture integrates solar, wind, and storage into the grid

• Dozens of vendors, several utilities, and standards organizations are building devices, user interfaces, and analytics

• OpenFMB uses DDS for secure communications


Change Driver: Mistakes Kill

Hospital error is the 3rd leading cause of death in the US

Change Gate: New IIoT Architecture is Secure

“GE Healthcare is leveraging the GE Digital Predix architecture to connect medical devices, cloud-based analytics, and mobile and wearable instruments. The future communication fabric of its monitoring technology is based on RTI's data-centric Connext DDS platform.”

-- Matt Grubis, Chief Engineer, GE Healthcare's Life Care Solutions

http://www.rti.com/mk/webinars.html#GEHEALTHCARE


Change Driver: Getting There is Dangerous and Slow


Change Gate: Why Drive?

• Autonomous cars (“carbots”)

– Safer, faster, easier

– Change everything

• 30% of all jobs will end or change

• Distributed carbot/city infrastructure will be secure


Change is Not Easy

[Figure: autonomous vehicle software architecture. Labels: Cloud Services, Traffic Maps, Sensing (cameras, LIDAR, radar), Vision Fusion, Data Fusion, Localization, Situation Analysis, Situation Awareness, Planning, Navigation, Vehicle Control, Vehicle Platform, Error Management, Visualization, Logging, DDS Databus, DDS Secure Databus.]

Cars now Compete on Software


The Real Disruption: Culture

“If you went to bed last night as an industrial company, you’re going to wake up this morning as a software and analytics company”

-- Jeff Immelt, GE CEO

The Future of Secure, Distributed Software

“If you went to bed last night as a software and analytics company, you’re going to wake up this morning as a networking and security company”

-- Stan Schneider

How?


Congratulations to the IISF Team!


Agenda

9:30 Welcome
9:40 Toward Securing the IIoT: Industrial Internet Security Framework
10:10 Case Studies
10:55 Protecting IIoT Endpoints
11:20 Break
11:30 Panel: The Business Viewpoint of Securing the Industrial Internet
12:25 Lunch including IIoT Demonstrations
1:25 Communications and Connectivity
1:45 Managing and Monitoring IIoT Security
2:05 IISF Editors Panel
3:00 Closing Remarks

Closing Remarks

Make it Practical…

My (Easy) Definitions

• Cloud
– An elastic computing environment in a $b data center

• IT (Information Technology)
– Software (and hardware) that runs in the cloud
– Also, sys admins and business programmers who run the above

• Things
– Any physical device or system that has computing.
– Soon, everything manmade.

• OT (Operational Technology)
– Computing that actually controls and powers “things”
– Also, engineers who implement the things

• Edge
– IT’s collapsed view of the real world not in the cloud

• Fog
– Computing that makes OT things intelligent with distributed or elastic computing not in a data center. Usually layered.

• IoT
– All of the above

• IIoT
– IoT that consumers don’t buy (except AD cars)

The IISF in Perspective

• Major contribution

• Only wide voice on security for IIoT

• First of 3 releases from IIC in the next few months!

• Challenge: make it practical


Security is Wide and Deep


Practical Security Needs Many Layers

• System edge
• Host
– Machine/OS/Applications/Files
• Network transport
– Media access (layer 2)
– Network (layer 3)
– Session/Endpoint (layer 4/5)
• Dataflow
– Control application interaction

Secure systems need all four

Systems are About the Data

Data Centricity Definition
a) The interface is the data.
b) The infrastructure understands that data.
c) The system manages the data and imposes rules on how applications exchange data.

©2016 Real-Time Innovations, Inc. Permission to distribute unmodified granted.

[Figure: Database: data-centric storage and search of old data. Databus: data-centric sharing and filtering of future data. Other labels: message-centric, remote objects, SOAs; applications; data.]

Practical Security Must Match Architecture

• DDS Databus controls dataflow
• DDS Security secures dataflow
– Control r,w access to each data item for each function
• Complete Protection
– Discovery authentication
– Data-centric access control
– Cryptography
– Tagging & logging
– Non-repudiation
– Secure multicast
• No API. No code changes.
• Plugin architecture for advanced uses

[Figure: participants PMU, CBM Analysis, Control and Operator; topics State, Alarms and SetPoint.]

Topic Security model:
• PMU: State(w)
• CBM: State(r); Alarms(w)
• Control: State(r), SetPoint(w)
• Operator: *(r), SetPoint(w)
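
The topic security model above, worked through as an added example (not RTI's code or configuration and not part of the original slides): a constructed permissions document modeled on the grant/allow_rule layout of DDS Security permissions files, with an evaluator that treats (w) as publish and (r) as subscribe and denies anything not granted. The subject names are made up, and signatures, validity dates and domain IDs are left out as assumptions of this example.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed permissions document for the slide's four roles.
# Subject names are hypothetical; real files are signed and carry validity/domains.
PERMISSIONS_XML = """
<permissions>
  <grant name="PMU"><subject_name>CN=pmu</subject_name>
    <allow_rule><publish><topics><topic>State</topic></topics></publish></allow_rule>
    <default>DENY</default></grant>
  <grant name="CBM"><subject_name>CN=cbm</subject_name>
    <allow_rule>
      <subscribe><topics><topic>State</topic></topics></subscribe>
      <publish><topics><topic>Alarms</topic></topics></publish>
    </allow_rule><default>DENY</default></grant>
  <grant name="Control"><subject_name>CN=control</subject_name>
    <allow_rule>
      <subscribe><topics><topic>State</topic></topics></subscribe>
      <publish><topics><topic>SetPoint</topic></topics></publish>
    </allow_rule><default>DENY</default></grant>
  <grant name="Operator"><subject_name>CN=operator</subject_name>
    <allow_rule>
      <subscribe><topics><topic>*</topic></topics></subscribe>
      <publish><topics><topic>SetPoint</topic></topics></publish>
    </allow_rule><default>DENY</default></grant>
</permissions>
"""

def load_grants(xml_text):
    """Return {subject_name: (rules, default)}; rules are (action, topic_pattern) pairs."""
    grants = {}
    for grant in ET.fromstring(xml_text).iter("grant"):
        rules = [(action, t.text.strip())
                 for rule in grant.iter("allow_rule")
                 for action in ("publish", "subscribe")
                 for section in rule.iter(action)
                 for t in section.iter("topic")]
        default = grant.findtext("default", "DENY").strip().upper()
        grants[grant.findtext("subject_name").strip()] = (rules, default)
    return grants

def is_allowed(grants, subject, action, topic):
    """Check one write ('publish') or read ('subscribe') against the grants."""
    if subject not in grants:  # unknown identity: no grant, no access
        return False
    rules, default = grants[subject]
    if any(a == action and fnmatch.fnmatchcase(topic, p) for a, p in rules):
        return True
    return default == "ALLOW"

GRANTS = load_grants(PERMISSIONS_XML)
```
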


Practical Security Combines Protection and Detection


Practical Security is a Culture


IIC Testbeds!

• IIC has by far the industry’s most comprehensive testbed program

• Key goals
– Ensure practical guidance
– Make impact
– Span the industry

©2016 OMG. Permission to distribute granted.


Security Claims Evaluation Testbed

• IIC Sponsor Companies
– Xilinx
– Underwriters Laboratories (UL)
– Aicas

• Collaborating Companies
– Algotronix, EYETech, iVeia, JUXT, PFP Cybersecurity, RTI, SOC-e

[Figure labels: Endpoint - DDS; DDS Stack]

For Public Release


The smart machine era will be the most disruptive in the history of IT

-- Gartner

But only if it’s secure!