Industrial IoT (IIoT) is transforming the way industries operate. At its core, data is acquired, analysed and turned into actionable insights to solve problems for faster decision-making. But IIoT devices and infrastructure can become high-value cyber targets – a compromise could lead to financial, safety and even environmental threats. At NXP, we believe that security must be considered from the start of a design to achieve optimal protection. That’s why we are relentlessly focused on our security engineering expertise, proven processes and understanding of emerging trends, to deliver trusted solutions that meet your security needs.
The shift to digitalisation across industries is spurring new applications, from driverless transport and smart handling systems to autonomous robots that operate without human intervention. IIoT technologies are being deployed across power and energy, factories, buildings and healthcare industries. These interconnected devices – the industrial ‘Things’ – include actuators, sensor nodes, servo drives, vision systems and programmable logic controllers. Together, they form industrial communication networks that enable devices to share vast amounts of data.
Some devices sense, analyse, acquire and communicate with automation control systems in real-time, such as edge devices with on-chip computational and machine learning capabilities that enable them to make immediate decisions. Some actuators directly influence the industrial process by operating a switch or a valve and gathering its data. These edge devices have computational capabilities that can directly impact a process without the need for data to propagate through the entire system.
Other edge devices gather and pass data to a centralised hub that processes and consolidates this data and sends the information to the cloud. This information can then be analysed and processed by cloud-based applications, and fed back to enhance production.
Greater energy efficiency, reduced costs, better quality products, improved decision-making and less equipment downtime are some of the advantages of an effective IIoT system. It’s no surprise that digitalisation is expanding in all sectors, with the potential for interconnection between multiple organisations in a supply chain.
Attack points
The convergence of IT and OT (operational technology) can increase the potential attack surface of nearly every level within the infrastructure, from enterprise resource planning (ERP) to the factory shop floor. For example, an organisation could have access to a supplier’s computer system for visibility into logistics and supply. Because a significant number of interconnected devices and systems are involved, the attack surface grows and can serve as an entry point into financial and process management systems, and even cloud-based systems. Criminal actors are increasingly resourceful in determining the weakest link in a system and using it to bootstrap an attack on the entire network of interconnected devices.
Legacy devices
Industrial facilities that were established before malicious attacks became as prevalent as they are today may feature an industrial IoT system that has evolved, with devices varying in age and security levels coexisting within the same network. In some cases, the manufacturer may have closed, leaving a void in support before the product reaches the end of its lifecycle.
Additionally, a legacy product may not have the processing power or sufficient memory to handle over-the-air or technician-implemented updates, yet the systems they control may be too costly or disruptive to replace. A personal computer or an IoT platform within an OT system may be running a legacy operating system, making effective malware eradication more complex, particularly when securing such a system from evolving threats. Production line downtime costs are an additional consideration and can account for a reluctance to carry out such upgrades.
Industry fights back
The EU Cybersecurity Act, which came into force in June 2019, aims to establish a European Cybersecurity Certification framework for all OT products and services. Its scope includes EU cyber deterrence, law enhancements, identification of perpetrators, international cooperation and a diplomatic, political response. The European Agency for Cybersecurity, ENISA, participates in this new framework, establishing the link between standardisation and certification.
In the United States, similar initiatives are in place with the National Industrial Security Program (NISP). Additionally, the Strengthening American Cybersecurity Act of 2022 (SACA) was signed into law in March 2022. It requires critical infrastructure operators to report “substantial cyber incidents” to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and report ransomware payments within 24 hours.
IEC 62243: A path to compliance
IEC 62443 is a series of international standards that address cybersecurity for operational technology in industrial automation and control systems (IACS). An industrial expert panel, including NXP security experts, worked to develop the series, which is divided into sections to encompass both procedural and technical requirements from the device level to the IACS level.
The standards provide a framework for all aspects of security as early as possible. This prevents confusion arising from the use of a myriad sector-specific standards, and creates a unified, interoperable approach to security.
The standards are organised into four parts:
• Part 1 pertains to the terminology and methodology used.
• Part 2 looks at the methods and security processes for different roles such as industrial facilities.
• Part 3 discusses cybersecurity technical requirements for systems. The target audience is system integrators.
• Part 4 is about the integration of cybersecurity in all the phases of a product life cycle and specifies the technical requirements for components themselves, such as embedded devices.
NXP’s security-by-design approach to ease 62443 compliance
At its core, NXP has extensive security expertise and addresses the security demands of its products by leveraging its heritage in highly advanced secure elements for smartcards, government e-passports and automotive applications. The company rigorously tests its sites, systems and processes. In addition to ensuring the integrity of its secure components, NXP has a security-conscious culture within its organisation, making security part of its DNA.
Because every use case is different, the security should be as well. That’s why at NXP, a broad EdgeVerse product portfolio for a wide range of use cases and protection is offered. Depending on the application, one can choose from SoCs with integrated security capabilities, ready-to-use secure elements or a combination of both.
MCUs and processors with integrated security
NXP addresses secure IIoT requirements with its EdgeVerse processing platform, a range of microcontrollers and processors that deliver power and performance scalability, rich mixed-signal and security integration, as well as system-level solutions and software enablement to ease embedded development.
Security is at the forefront when developing the latest Arm Cortex-M based microcontrollers, such as the recently launched LPC5500 MCU series, which integrates a range of benchmark security features, including secure boot with immutable hardware root-of-trust, SRAM PUF-based unique key storage, and certificate-based secure debug authentication. Cryptography acceleration is further enhanced within LPC5500 for faster key exchange with dedicated accelerators for AES-256 and SHA2-256, as well as asymmetric algorithms, such as ECC and RSA for public key infrastructure.
Offering protection and isolation, NXP has integrated an EdgeLock secure enclave into some of NXP’s latest i.MX applications processors and i.MX RT crossover MCUs. This preconfigured, self-managed and autonomous on-die security system provides a rich set of security services and platform security functions which it manages independently without impacting the function of the processor or controller.
NXP’s i.MX RT1180, a purpose-built crossover MCU for industrial edge applications, is the first from NXP to include a secure enclave, as well as a 5 Gbps cut-through ethernet switch with multi-protocol support for both time-sensitive networking and real-time industrial ethernet. Additionally, by mapping system-level industrial security requirements into NXP’s target SESIP component certification, i.MX RT1180 will ease the effort required by OEMs to comply with IEC 62443 standards.
Conclusion
The IIoT offers enormous efficiency and cost benefits for all industrial sectors, whether in power generation, transportation or smart city infrastructure. To this end, the number of electronic devices that communicate is expanding in both proliferation and complexity, across all sectors. This increased deployment broadens the risk footprint and increases the likelihood of cyberattacks.
Robust cybersecurity measures must be intrinsic to all industrial IoT designs to avoid potential catastrophes. Securing such systems from malicious attacks requires careful planning to embed security by design. An IIoT system that features a carefully planned scalable architecture built using secure products, while considering the convergence of OT and IT systems within it, will be better equipped to withstand cyberattacks from evolving threats than one that has grown ad hoc with scant regard to its architecture or connections.
Cybersecurity regulations, standards and frameworks all serve to address an increasing threat spectrum, guide sectors in best practices and assist organisations in creating their cybersecurity management systems. NXP, with its successful history in security, will play an essential role in securing the future.
| Tel: | +27 11 923 9600 |
| Fax: | +27 11 923 9884 |
| Email: | [email protected] |
| www: | www.altronarrow.com |
| Articles: | More information and articles about Altron Arrow |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version