Imagine you are responsible for the North American operations of a leading manufacturer. On a seemingly normal working day, you receive a list of product defects from one of their largest factories. The trend seems to have started some time ago and is increasing, but the cause of the defect cannot be localized. Yet everything in the factory seems to be running normally. You are faced with a decision: should the system in question be shut down for more detailed diagnostics or should operations continue in the hope that the trend will reverse itself and product output will return to normal levels? You decide to shut down the system and carry out unscheduled maintenance. After several hours of diagnosis, there seems to be a breakthrough: Although everything appears normal on the surface, there is an anomaly in the PLC software. In the course of further diagnostics, it becomes clear that the factory has been the victim of a hacker attack. Why wasn't this discovered earlier? The hackers must have been careful and kept the malicious code hidden so that everything appeared to be running normally for the operators.
After the plant had to be shut down, the factory was able to resume regular operations. But the question remains: Has it been possible to quarantine all the affected equipment? Fortunately, all devices in the factory, including the drives and servos, are equipped with a 'hardware root of trust', which makes it possible to push a software update to all potentially affected machines in the world in a trustworthy manner. Perhaps this update will save the Japanese factory from similar problems.

A cyber attack follows economic aspects. The higher the level of difficulty of an attack, the lower the incentive for an attack.

© Analog Devices

The example shows: Because the attack surface for cyber attacks is changing, there is an increased security risk and an increased need for security solutions at the edge. It is essential to arm factories against cyber attacks in a resilient way. A company must be able to detect attacks and return to orderly operations after an attack. Therefore, building a networked factory requires intelligent edge devices that can cope with attacks. This in turn makes it necessary to build in security from the lowest level, i.e. the hardware. If you can trust the lowest levels of a device's boot structure and issue appropriate software updates, a factory will be able to recover quickly from an attack and resume normal operation.

Security risks are changing

The damage caused by a cyber attack is particularly high in networked production. It is therefore important to make the operating environment secure.

© Analog Devices

The demand for edge computing is leading to the networking of more and more devices that interact with their real-world environment based on the data they receive. These intelligent devices are critical to the outcomes of today's digital age. The more computing power becomes widely available, the greater the need for protection against increased risk from cyberspace. It's only a matter of time before the next smart coffee machine makes headlines for being taken hostage by a cyber attack. Even if the ransom is likely to be negligible, there are certainly incentives for an attack on a coffee machine, because the low hurdles make carrying out such an attack very worthwhile.

Just think how much effort it would take to extort a ransom for an entire factory. The potential revenue is significantly higher here - and this also increases the incentive for potential attackers. As a result of the convergence of IT and OT (operational technology) networks, it is no longer effective to rely solely on firewalls to protect critical infrastructures. Instead, it should be based on the assumption that someone has already gained access to the factory network, which is why integrity and robust authentication protocols are required for all networked devices.

A network of connected devices must have the ability to authenticate themselves to other devices on the network, sign data and validate received data. Although there are standardized procedures for this, a factory always comes with certain restrictions that make adapting security measures a challenge in some use cases. The dependence on time in motion control applications, for example, can lead to latency tolerances that make traditional forms of mutual authentication between devices unsuitable. When using the standard public key infrastructure, devices send each other challenges to establish authenticity and then exchange a shared session key using a method such as TLS (Transport Layer Security). Even though this method is already used in many factories, it is not suitable for use in fast motion control applications, as a large number of devices have to work together within a certain time frame. As soon as latencies in the microsecond range are required, the procedure for authenticating messages must be selected in such a way that the required level of speed and security is achieved. The data flow from the controller to all components of the control loop must be received in a congruent manner.

One way to achieve this type of data flow is for all devices to use the same session key. However, this requires a very specific network configuration that allows devices to authenticate to a security manager that provides the same session key to all devices in a particular security group. These keys are exchanged using the standard TSL procedure, while alternative protocols are used for time-critical processes.

Extending identity and integrity to the edge

The connectivity solutions for industrial Ethernet from the ADI Chronous series enable protected communication at the edge, i.e. at the outer limits of the control loop. The solutions are located at the communication endpoints and can secure network communication at any node within the system. These scalable Ethernet solutions enable the extension of security in highly time-sensitive applications to cope with changing security risks. This includes the following aspects:

- Securing the perimeter of the factory control network to build a resilient and reliable architecture.

- Enabling protected connectivity of robots, drives and production machines in an integrated OT/IT ISN network.

- Creating the possibility for authentication and encryption (as required) in a highly time-critical environment.

Erik Halthen is Product Development Manager at Analog Devices. As a member of ADI's Cyber Security Center of Excellence, he has taken on the role of Security Systems Manager for industrial solutions.

© Analog Devices

Analog Devices ' security solutions for ADI Chronous Industrial Ethernet enable a rapid transition to the networked factory. Based on the protected development processes, the Industrial Ethernet solutions ensure that the security design makes the system application possible, but at the same time allows risk management throughout the entire product life cycle. The security features include the generation and management of keys as well as protection for boot processes, updates and memory access. Integrating security into the devices at the outer edges of an industrial control loop creates the confidence in the data needed to scale solutions that are required for real-time decisions in the factory.

It is crucial for companies to adapt to changing cyber risks. Are the attackers targeting the software of the device in question or will the next cyber attack be a network attack that infiltrates corrupted data? Regardless of this, the devices used must communicate securely in order to be able to recover from the next attack. To do this, it is necessary to implement security right from the start - in the hardware. If you can rely on the boot process of a device at a very basic level and issue software updates, the factory will be able to recover from an attack and resume normal operation.