FIELD INTELLIGENCE: Smart Processes, Solutions & Strategies
Systems engineering is managing the risk inherent in integrating pieces into a predictable whole. In order to make the whole system as predictable as possible, engineers rely upon standards and operational use cases.
The system is engineered with a deterministic process, meaning if “this” happens in the environment, then the system will do “that.” To trust a deterministic system prior to putting it in operation, the system is validated and verified to gather empirical evidence that the system operates as expected in known scenarios. As long as the environment and use of the system doesn’t change unexpectedly, deterministic systems allow automation.
Deterministic systems like the assembly line and microprocessors have been the growth engine powering progress to a $100 trillion world economy. Digital systems in particular have fueled growth in the last 30 years.
China, for example, has harnessed digitization to grow from a largely agrarian economy in 1980 to the top country for manufacturing output. Digital deterministic systems underpin the modern world as we know it. They are also its Achilles' heel.
Systems engineering did the hard part of harnessing randomness into determinism. While reverse engineering, hacking and supply chain tainting may appear to be nearly impossible, a bad actor only needs to focus on understanding one thing: the assumptions behind determinism.
Published standards help reduce the number of assumptions bad actors have to make. Each piece of information gathered from the Internet, from an insecure cloud, from employees or from experimenting with commercially available parts lends a clue to those assumptions and thus facilitates system exploitation. Moore's law is slowing, and complex control systems are in service longer and longer. The predictability and lifespan of a deterministic system now become liabilities.
While IT and system-to-system communications present real attack surfaces, not enough attention is being paid to the embedded security of the devices and machines used in the manufacturing process. Recent supply chain compromises have only underscored the need to focus on embedded security.
A large part of the technical solution to security relies upon cryptography: authenticating devices and encrypting data. Both rely upon keys generated from a random source. But that "random" source is often itself deterministic. Brute-forcing today's industry-standard encryption (a 256-bit symmetric key) would take 50 supercomputers about 3×10^51 years to run through the possible key combinations. The premise of current encryption techniques isn't that it's impossible to reverse engineer but that it places time back in the favor of the operator instead of the bad actor.
Quantum computing changes that calculus, though not by a simple constant speedup: Grover's algorithm roughly halves the effective key length of a symmetric cipher, and Shor's algorithm breaks outright the RSA and elliptic-curve public-key schemes that most systems use to exchange those symmetric keys. Even before quantum computing becomes a reality in the wrong hands, today's systems leak clues about their keys through timing, power draw and electromagnetic emissions, and such side channels can make it possible for a graduate student with commodity equipment to recover an encryption key in a matter of days.
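The point that a "random" source is often deterministic is easiest to see in code. The following is an added illustration, not code from the original article: a hypothetical device firmware seeds Python's Mersenne Twister with its boot time and derives a 128-bit key from it, then answers a verifier's challenge with an HMAC tag. An attacker who knows the design (or reads it from a published standard) only has to guess the boot time within a plausible window, because everything after the seed is fully determined. The challenge, boot time and window are constructed values.

```python
import hashlib
import hmac
import random
import secrets

# Constructed challenge a verifier might send to a controller during authentication.
CHALLENGE = b"controller-auth-challenge-01"


def weak_device_key(boot_time: int) -> bytes:
    """Hypothetical firmware: seed the PRNG with boot time (seconds since epoch)
    and take 128 bits of its output as the device key.

    random.Random is the Mersenne Twister; given the seed, its output is
    completely deterministic, so the key is as secret as the boot time.
    """
    rng = random.Random(boot_time)
    return rng.getrandbits(128).to_bytes(16, "big")


def strong_device_key() -> bytes:
    """The hardened version: draw the key from the OS CSPRNG (on an embedded
    target this would be a hardware TRNG or a DRBG seeded from one)."""
    return secrets.token_bytes(16)


def auth_tag(key: bytes, challenge: bytes) -> bytes:
    """What the device sends back: HMAC-SHA256 of the challenge under its key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def recover_boot_seed(tag: bytes, challenge: bytes, window_start: int, window_end: int):
    """Attacker side: enumerate every boot time in the window, regenerate the
    key the firmware would have produced, and stop when the tag matches.
    Returns the seed (and therefore the key) or None if it lies outside the window.
    """
    for seed in range(window_start, window_end):
        candidate = auth_tag(weak_device_key(seed), challenge)
        if hmac.compare_digest(candidate, tag):
            return seed
    return None


def demo_weak_key_recovery() -> bool:
    """Constructed scenario: the device booted 12,345 s into a 6-hour window the
    attacker considers plausible. Returns True if the attacker recovers the key."""
    window_start = 1_700_000_000
    true_boot = window_start + 12_345
    observed_tag = auth_tag(weak_device_key(true_boot), CHALLENGE)
    found = recover_boot_seed(observed_tag, CHALLENGE, window_start, window_start + 6 * 3600)
    return found is not None and weak_device_key(found) == weak_device_key(true_boot)


if __name__ == "__main__":
    print("weak key recovered from boot-time seed:", demo_weak_key_recovery())
    k1, k2 = strong_device_key(), strong_device_key()
    print("CSPRNG keys differ across calls:", k1 != k2)
```

The search costs one HMAC per candidate second, so a day-long window is under a hundred thousand operations; nothing about the key's length matters once the seed space is that small. The same logic applies to any seed an attacker can bound: serial numbers, MAC addresses, or a counter that restarts at zero on every power cycle.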
A bad actor has the advantage of a predictable system and time, as well as perceived security measures often built upon assumptions that don’t really provide additional protection. So how can the digital devices that control the manufacturing process be secured? There are three primary options:
- Move from deterministic systems to adaptable systems.
Systems can adapt to their environment—including security threats. The statistical basis for artificial intelligence (AI) has been around since the 1950s. But advancements in sensor technology, the miniaturization of electronics, the increase in computing density and the proliferation of secure cloud technology make AI technically realistic for more systems.
Even if security is integrated as a design principle into "smart" devices, there is still a strong public debate about the trust level of such systems and a lack of formal validation methods for them.
- Move from deterministic security to true random security.
New technologies, such as Physically Unclonable Functions (PUFs), use variations in the manufacturing process of a specific chip or circuit card as the source of "randomness" to generate a chip/card-specific encryption key. The key is regenerated from the hardware each time it is needed rather than stored in non-volatile memory, so there is nothing to extract from the device at rest.
While there is encouraging research into these technologies, questions remain about how stable these variations are across temperature, supply voltage and device aging.
If the basis for randomness drifts, the regenerated key no longer matches the enrolled one and a legitimate device is rejected. Such false rejections exact unnecessary penalties in functionality and thus increase the total cost of the system. Error-correcting "helper data" can absorb some of the drift, but only up to the noise budget the designer chose. Furthermore, research shows that some PUF designs can be modeled from observed challenge-response pairs, which is to say reverse engineered.
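How a drifting PUF turns into a rejected device is shown by the following added example, which is not code from the original article. It simulates a PUF readout with a PRNG seeded by a chip identifier (a constructed stand-in for real silicon variation), enrolls a key with the standard code-offset construction using a 5-bit repetition code, and then tries to regenerate the key from a readout in which some bits have flipped. Two flips per block are corrected; a third flip in any block changes the key, and the device fails authentication even though nothing malicious happened.

```python
import hashlib
import random
import secrets

KEY_BITS = 128            # bits of key material protected by the PUF
REP = 5                   # repetition-code length: majority vote corrects up to 2 flips per block
RESPONSE_BITS = KEY_BITS * REP


def simulate_puf_response(chip_id: int, flipped_positions=()) -> list:
    """Constructed stand-in for an SRAM or arbiter PUF readout.

    Real PUF bits are fixed by manufacturing variation; here a PRNG seeded with
    chip_id plays that role. flipped_positions models noise or aging drift.
    """
    rng = random.Random(chip_id)
    bits = [rng.getrandbits(1) for _ in range(RESPONSE_BITS)]
    for pos in flipped_positions:
        bits[pos] ^= 1
    return bits


def derive_key(key_bits) -> bytes:
    """Hash the raw key bits so the final key is uniform even if the bits are not."""
    raw = int("".join(map(str, key_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(raw).digest()


def enroll(response):
    """Code-offset construction (done once, in a trusted setting).

    Pick fresh key bits, expand each to REP copies (the codeword), and publish
    helper = codeword XOR response. The helper is stored in the clear on the
    device; the key is never stored. Note that repetition codes leak some
    information about the response through the helper; real designs use
    stronger codes and hash the result, as derive_key does here.
    """
    key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in key_bits for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, response)]
    return derive_key(key_bits), helper


def reconstruct(response, helper) -> bytes:
    """At every boot: XOR the (possibly noisy) readout onto the helper to get a
    noisy codeword, then majority-decode each REP-bit block back to one key bit."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    key_bits = [
        1 if sum(noisy[i:i + REP]) > REP // 2 else 0
        for i in range(0, RESPONSE_BITS, REP)
    ]
    return derive_key(key_bits)


def key_survives(chip_id: int, flipped_positions) -> bool:
    """Enroll on a clean readout, then regenerate from a drifted one.
    True means the device still produces its enrolled key."""
    enrolled_key, helper = enroll(simulate_puf_response(chip_id))
    regenerated = reconstruct(simulate_puf_response(chip_id, flipped_positions), helper)
    return regenerated == enrolled_key


if __name__ == "__main__":
    # Constructed drift patterns: block 0 is response bits 0..4.
    print("no drift:           ", key_survives(0x5A5A, ()))
    print("2 flips in block 0: ", key_survives(0x5A5A, (0, 1)))
    print("3 flips in block 0: ", key_survives(0x5A5A, (0, 1, 2)))
```

The noise budget here is a design constant: a device whose bits drift past it is indistinguishable, from the verifier's side, from an attacker presenting a different chip. Raising REP buys more tolerance at the cost of more response bits per key bit, which is exactly the functionality-versus-cost trade-off the text refers to.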
- Accept some level of compromise and layer security to minimize the impact of a disruption.
The embedded layers of a digital device are shown in Figure 1. Security should at least be considered at each level but the manufacturing environment and the impact of compromise will dictate which layers need the most attention.
Security hygiene is a necessary part of controlling access to digital systems but focuses only on the networking and user/control levels.
Antivirus software is a necessary part of securing a system but focuses only on the application level. Operating system vendors, Microsoft and the Linux distributions alike, constantly work to secure their platforms but focus only on the operating system level. When coordinated with a secure hardware layer, firmware integrity checks are useful, but they confirm only that the firmware image is the one that was signed; they cannot validate the software bill of materials or the compilers used to build it.
Chipmakers have been ramping up hardware security, but the recent Spectre (speculative execution) and Rowhammer (DRAM bit-flip) attacks have underscored the need for additional hardware security at Level 0, within the chip and circuit card.
Until procedure is always followed, policy always enforced and people always predictable, technology needs to be the answer to trusting the systems that control manufacturing processes.
Deterministic security protecting a deterministic system is an incomplete framework of protection. Until we can harness randomness, there is no single technology that can provide sufficient security.
The only clear way forward is to be deliberate about architecting a multi-layered security strategy to minimize impact of compromise.