Transcription

1 IIRA and RAMI 4.0 Secure IIoT Applications Need Secure Application Code IIRA: Industrial Internet Reference Architecture RAMI: Reference Architecture Model for Industrie IIoT: Industrial Internet of Things

2 E-Bike 2

3 Security 3

4 Safety 4

5 Netherlands Cycle Path 5

6 UK Cycle Path You can t bolt on safety, you have to design it in. The same is true about security in the IIOT. 6

7 The Internet of Things and Services The Internet of Things (IoT) is a much used phrase, and one full of optimism and promise 7

8 The Internet of Things and Services Smart Parking Connected Water Meters Gas Monitoring Chronic Disease Management Road Pricing Telework Connected Learning Connected Militarized Defence /government/leadership/internetof-things-8-cost-cutting-ideas-forgovernment/d/d-id/

9 US Water Utility Network 9

10 San Francisco Transit Network 10

11 German Steel Works /technology

12 Ukrainian Electricity Network 12

13 Mirai Source Code Default Password 1234 Distributed Denial of Service (DDoS) Attack 13

14 IoT & IIoT IoT systems are generally non critical systems such as a home thermostat, where a failure is not catastrophic IIoT focuses more on complex industrial systems, such as power generation and transportation, which are much more demanding in terms of performance and which need to perform 24/7 with serious consequences in case of failure Both IIoT and IoT are starting to have a huge element of machine-to-machine communications Security approach for IIoT needs to be the most robust and highest performing system possible 14

15 RAMI 4.0 Reference Architectural Model for Industry German, French & Italian Initiative to support and strengthen the digitisation processes of their manufacturing sectors The fourth industrial revolution: Towards intelligent and flexible production ds/publikation/rami40-anintroduction.pdf? blob=publicatio nfile&v=4 15

16 IIRA Industrial Internet Reference Architecture Enables Industrial Internet of Things (IIoT) system architects to design their own systems based on a common framework and concepts 16

17 IIRA and RAMI 4.0 IIC Functional Domains and Viewpoints Industrial Internet consortium Industrial Internet Reference Architecture version th June, 2015 Reference Architecture Model for Industrie 4.0 Umsetzungsstrategie Industrie 4.0 Ergebnisbericht, Berlin, April

18 Middleware Applying the IIRA to the IIC s Microgrid Testbed, deploying DDS (Data Distribution Service) as a middleware solution 18

19 The Swiss Cheese model There is no simple, one-stop answer to the security conundrum. Cyber-security depends on vigilance in every part of the architecture, the design, the development process, including: Secure boot Domain separation Least privilege design principles Minimisation of attack surfaces Secure coding techniques Security focused testing Responsive maintenance processes It is imperative that all critical application code is written with security as a primary focus 19

20 Writing Secure Code

21 Build Safe and Secure Application Code Use a Secure Coding Standard Reduce Code Complexity Define Safety Requirements Requirements Tracing Requirement Based Testing Measure Structural Coverage 21

22 Tracking Security Vulnerabilities There are databases that track the security vulnerabilities and exposures. For many years now, all recorded exploits and vulnerabilities have been captured in a variety of databases, including: CVE Common Vulnerabilities & Exposures (cve.mitre.org) OSVDB Open Source Vulnerability Database (osvdb.org) SANS Institute - SysAdmin, Audit, Network, Security ( OWASP - Open Web Application Security Project ( Learn from Experience 22

23 CERT Computer Emergency Readiness Team 23

24 Top Secure Coding Practices Validate Inputs Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environmental variables, and user controlled files Heed compiler warnings Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code. Use static and dynamic analysis tools to detect and eliminate additional security flaws Keep it simple Keep the design as simple and small as possible. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use 24

25 Top Secure Coding Practices Use effective quality assurance techniques Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions Adopt a secure coding standard Develop and/or apply a secure coding standard for your target development language and platform Source: 25

26 Secure Coding Standard: MISRA C:2012/AMD1 Validate Inputs 26

27 Keep It Simple Static analysis can be performed on the code and a number of metrics measured such as: Number of lines of code Number of exit points Fan in / Fan out McCabe Cyclomatic Complexity 27

28 Example of High Complexity Impossible to understand, maintain or test 28

29 IEC and Security IEC addresses security related safety risks just like any other safety risks, and demands safety goals and requirements to deal with them 29

30 Thermostat Safety Requirements Design in Security 30

31 Build Safe and Secure Application Code Define Requirements Definition of safety and security requirements Requirement Based Testing Requirement Coverage Impact Analysis Bi-directional Traceability from requirement to source code 31

32 Build Safe and Secure Application Code Coding Compliance and Quality of Code Finding safety and security vulnerabilities Maintaining the quality of code Functional Testing Ensuring correctness of function Robustness testing Structural Coverage Achieving an appropriate level of code coverage 32

33 Requirement Traceability Bi-directional traceability between requirements, test cases, and source code 33

34 Traditional Security Market - Testing Reactive Coding Executable Testing No Guidelines No Risk Mitigation Mostly Agile Not Dependable Not Trustworthy (Malicious Logic) Not Resilient Performance Tests Penetration Tests Load Tests Functional Tests 34

35 Prevention is Better than Cure Proactive Process remains same, additional considerations need to be addressed Coding Testing Executable Security Risk Assessment Drives Security Guidelines Agile/V/Waterfall Code Reviews Functional Tests Structural Coverage (No Malicious Logic) Security Tests Dependable Trustworthy Resilient 35

36 Structural Coverage 36

37 Structural Coverage Gap Analysis Once all the High Level Tests have been executed, any code that remains un-exercised should be either removed, (if deemed to be dead-code), or new tests created to exercise it, or if in the case of defensive code (for example checking that a pointer is not null) then unit tests can be created to achieve 100% structural coverage 37

38 Summary Security has to be designed in Multiple layers of defence Safety Requirements Secure Coding Standard Requirements based Testing Requirements Tracing 38

39 Contact Us Need more information?.com 39

40 Any Questions Q & A 40