Breaking with Tradition: Secure ICS Hits Industry

Tuesday, July 14, 2015 @ 06:07 PM gHale

By Gregory Hale
A new industrial control system released today marries basic understanding of current systems, but also breaks away from traditional thinking by featuring a pin-less, electromagnetic backplane and embedded cyber security.

“It operates like a PLC, but we are using the embedded approach,” said Bob Honor, chief executive and a founder at Bedrock Automation.

Duqu 2.0: ICS Needs New Approach
ICS Security Knowledge Low: Report
Duqu 2.0: Defend Against APTs
Oil Industry Under Attack

The new system, called Bedrock, addresses control applications with fewer than a dozen part numbers, which then cuts down on cyber attack vectors, cuts lifecycle costs and looks at simplifying engineering, commissioning and maintenance, Honor said.

Industrial control systems in use today are very complex systems, but San Jose, CA-based Bedrock Automation which started up a few years ago and has its roots in the semiconductor industry, doesn’t think it has to be that way.

“We used all the standards from a users’ standpoint,” Honor said. “We follow all user standards to introduce a radically different technology (users) can use in the same way.”

This is an automation system that talks about production, but in the end is secure.

“By far, the industries like heavy process, power, electric, chemicals are concerned about security,” Honor said. “We are going to market this as a secure automation system.”

Bedrock, Honor said, has three goals:
• Simplicity
• Scalability
• Security

“All three are important, but security will be the difference maker in the future,” Honor said.

“We are reducing attack surface,” Honor said. “When you do that, you can reduce all attacks.”

The removal of I/O pins improves reliability and increases cyber security while forming an isolation barrier for every I/O channel, Bedrock officials said. This backplane also allows installation of I/O modules in any orientation and location for unprecedented flexibility in I/O and cable management.

Secure I/O modules use layers of advanced technology to deliver software-defined I/O for universal analog, discrete, Ethernet and Fieldbus signal types. A secure power module is functionally and physically coupled to the backplane to deliver single and dual redundant cyber secure power for the control system. A secure universal controller can run virtually every conceivable application independent of size or control task: discrete, batch, continuous, or multivariable control from one device that supports as few as ten, to as many as thousands of I/O points, Bedrock said. With this system, separate programmable logic controllers (PLC) and distributed control systems (DCS) are not a requirement.

While traditional industrial control systems were operating well before the idea of security came into play, the providers end up bolting security solutions on to working systems.

Bedrock designed security in from the beginning so they have a control system that is as secure as any system can be.

“We think this is where we have to go,” Honor said. “This hardware embedded approach is the way to go. As cyber threats to all industries grow, traditional control system vendors respond by adding cost and complexity to their legacy technology.”

In terms of security, Bedrock does offer layers of protection. Replacing pins with an electromagnetic backplane is one layers of protection. Additional security layers include:
• Cyber secure microcontrollers with encrypted keys and TRNG embedded in all system modules including the controller, power supply and I/O
• All modules encased in anti-tamper metal that is impenetrable without metal cutting tools
• Authentication extending throughout the supply chain, including third party software and applications

Bedrock delivers an Integrated Development Environment (IDE) based on an open IEC 61131 software toolset that supports embedded OPC UA. The IDE enables users to develop, operate and authenticate control for a vast array of PLC, SCADA and DCS applications. Fewer components mean fewer panel layouts and wiring diagrams to contend with. Software configurable I/O can end up changed in the field with the click of a mouse. Ninety percent fewer I/O module types means fewer spare parts to keep and manage. Such innovations contribute to reducing overall engineering design costs by up to 33 percent.

Right now, Honor said they have systems in labs and testing in pilot programs, nothing really in production yet.

But that won’t last forever. In terms of the future, they are going for safety integrity level (SIL) certification.

“We built it also for safety systems,” Honor said. “We are going for SIL 2 approval now and we should have it by the end of next year. Then we go for SIL 3.”