Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Welcome to the Industrial Internet Security Forum
Stan Schneider, PhD. RTI CEO, IIC Steering Committee
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
The smart machine era will be the most disruptive in the history of IT-- Gartner
The IIoT Disruption
The real value is a common architecture that
connects sensor to cloud, interoperates
between vendors, and spans industries
You don’t compete against competitors. You compete against market transitions.
– John Chambers
©2015 Real-Time Innovations, Inc.
Safe & Secure Apps in the IIoT
• RTI experience 1000+ projects• Safety and Security critical to most• Requirements surprisingly similar across industries
©2015 Real-Time Innovations, Inc.
Security is not a change driver
Security is a change gate
IIoT is the change driver
©2015 Real-Time Innovations, Inc.
Change Driver:Central Generation Fails
The Grid must be Distributed©2016 Real-Time Innovations, Inc. Permission to distribute
granted.
Change Gate: DER Grid will be Secure
• The OpenFMB (Field Message Bus) architecture integrates solar, wind, and storage into the grid
• Dozens of vendors, several utilities, and standards organizations are building devices, user interfaces, and analytics
• OpenFMB uses DDS for secure communications
Change Driver: Mistakes Kill
Hospital error is the 3rd leading cause of death in the US©2016 Real-Time Innovations, Inc. Permission to distribute
granted.
Change Gate: New IIoT Architecture is Secure
©2015 Real-Time Innovations, Inc.
"GE Healthcare is leveraging the GE
Digital Predix architecture to connect
medical devices, cloud-based analytics,
and mobile and wearable instruments.
The future communication fabric of its
monitoring technology is based on RTI's
data-centric Connext DDS platform.”-- Matt Grubis, Chief Engineer, GE
Healthcare's Life Care Solutions
http://www.rti.com/mk/webinars.html#GEHEALTHCARE
Change Driver: Getting There is Dangerous and Slow
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
Change Gate: Why Drive?
• Autonomous cars (“carbots”)
– Safer, faster, easier
– Change everything
• 30% of all jobs will end or change
• Distributed carbot/city infrastructure will be secure
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
Change is Not Easy
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
Cloud Services
Sensing
Planning
Radar, LIDAR Vehicle Platform Navigation
Error Management
Visualization
Situation AnalysisSituation Awareness
Vision FusionCameras, LIDAR,
Radar …
Data Fusion
LoggingVehicle Control
Localization
DDS Secure Databus
Traffic Maps
DDS Databus
Cars now Compete on Software
The Real Disruption: Culture
“If you went to bed last night as an industrial company, you’re going to wake up this morning as a software and analytics company”
-- Jeff ImmeltGE CEO
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
The Future of Secure, Distributed Software
©2016 Real-Time Innovations, Inc.
“If you went to bed last night as a software and analytics company, you’re going to wake up this morning as a networking and securitycompany”
-- Stan Schneider
How?
©2015 Real-Time Innovations, Inc.
Congratulations to the IISF Team!
Agenda
9:30 Welcome9:40 Toward Securing the IIoT: Industrial Internet Security Framework10:10 Case Studies10:55 Protecting IIoT Endpoints11:20 Break11:30 Panel: The Business Viewpoint of Securing the Industrial Internet12:25 Lunch including IIoT Demonstrations1:25 Communications and Connectivity1:45 Managing and Monitoring IIoT Security2:05 IISF Editors Panel3:00 Closing Remarks
©2015 Real-Time Innovations, Inc.
Closing Remarks
Make it Practical…©2015 Real-Time Innovations, Inc.
My (Easy) Definitions• Cloud
– An elastic computing environment in a $b data center
• IT (Information Technology)– Software (and hardware) that runs in the cloud– Also, sys admins and business programmers who run the above
• Things– Any physical device or system that has computing. – Soon, everything manmade.
• OT (Operational Technology)– Computing that actually controls and powers “things”– Also, engineers who implement the things
• Edge– IT’s collapsed view of the real world not in the cloud
• Fog– Computing that makes OT things intelligent with distributed or
elastic computing not in a data center. Usually layered.
• IoT– All of the above
• IIoT– IoT that consumers don’t buy (except AD cars)
©2016 Real-Time Innovations, Inc.
The IISF in Perspective
• Major contribution
• Only wide voice on security for IIoT
• First of 3 releases from IIC in the next few months!
• Challenge: make it practical
©2015 Real-Time Innovations, Inc.
Security is Wide and Deep
©2015 Real-Time Innovations, Inc.
Practical Security Needs Many Layers
• System edge• Host
– Machine/OS/Applications/Files
• Network transport– Media access (layer 2)– Network (layer 3)– Session/Endpoint (layer 4/5)
• Dataflow– Control application interaction
©2016 Real-Time Innovations, Inc.
Secure systems need all four
Systems are About the Data
Data Centricity Definition a) The interface is the data. b) The infrastructure understands that data. c) The system manages the data and imposes
rules on how applications exchange data.
©2016 Real-Time Innovations, Inc. Permission to distribute unmodified granted.
Database Databus
Data centric storage and search of old data
Data centric sharing and filtering of future data
Application
Application
Message centricRemote ObjectsSOAs
Application
Application
Data
Practical Security Must Match Architecture
• DDS Databus controls dataflow• DDS Security secures dataflow
– Control r,w access to each data item for each function
• Complete Protection– Discovery authentication– Data-centric access control– Cryptography– Tagging & logging– Non-repudiation– Secure multicast
• No API. No code changes.• Plugin architecture for advanced uses
©2015 Real-Time Innovations, Inc.
CBM AnalysisPMU Control Operator
State Alarms SetPoint
Topic Security model:• PMU: State(w)• CBM: State(r); Alarms(w)• Control: State(r), SetPoint(w)• Operator: *(r), Setpoint(w)
Practical Security Combines Protection and Detection
Practical Security is a Culture
©2015 Real-Time Innovations, Inc.
IIC Testbeds!
• IIC has by far the industry’s most comprehensive testbed program
• Key goals- Ensure practical
guidance- Make impact- Span the
industry
©2016 OMG. Permission to distribute granted.
Security Claims Evaluation Testbed
• IIC Sponsor Companies- Xilinx- Underwriters
Laboratories (UL)- Aicas
• Collaborating Companies- Algotronix, EYETech,
iVeia, JUXT, PFP Cybersecurity, RTI, SOC-e
Endpoint - DDS
DDS Stack
For Public Release
©2016 Real-Time Innovations, Inc. Permission to distribute granted.
The smart machine era will be the most disruptive in the history of IT-- Gartner
But only if it’s secure!