A saying attributed to Warren G. Bennis holds that the factory of the future will employ only a man and a dog. The man’s function will be to feed the dog, while the dog will keep the man from touching the equipment. That day appears to be coming closer and closer to reality, but one must now ask whether the dog is also capable of keeping not only its minder’s hands off the equipment but also the hands of malicious hackers who would attempt to meddle through code instead of physical manipulation.
Despite many people’s best efforts to keep computers secure, new computer viruses seem to pop up every day. Occasionally, these threats are especially nasty, like the Meltdown/Spectre vulnerability discovered in 2018, which is a flaw in the processor hardware itself rather than in any piece of software. Another example is the Mirai botnet, discovered in 2016. Frustratingly, the Mirai malware spreads to Internet of Things (IoT) devices using nothing more than a list of factory-default passwords that were never changed.
Stealing information and causing disruption in the virtual world are normally the objectives of these attacks, and that alone is unacceptable, but malicious programs can also be designed to reach into the real (i.e., “physical”) world and affect the operation of industrial machinery. Unfortunately, securing this machinery is a challenge because of the varied nature of these embedded systems and because, in many cases, they remain in service for 10, 20, or more years.
Adding to this difficulty, in a factory environment, network security is generally left in the hands of “the information technology (IT) people.” While they may know how to secure a network in the traditional computer/hardware/software sense, in most cases they rely on the control engineers to take care of specialized manufacturing equipment. While skilled at keeping the machinery running, these manufacturing and control engineers often don’t have sophisticated knowledge of IT concepts, much less an understanding of what is going on from a security perspective in the manufacturing plant environment as a whole. This presents a sort of gray area as to who is responsible for what in plant automation—creating an obvious attack vector.
In addition to designing, managing, and safeguarding the general operations of automated manufacturing lines, engineers and IT personnel in this environment must also secure the asset management software and hardware. An inaccurate parts count caused by a security compromise, for instance, can wreak havoc on a supply chain, so a bar code scanner that is corrupted or spoofed becomes another vector of attack for a determined virtual adversary. A corrupted inventory count could, on the one hand, cause machinery and production equipment to be overworked or, on the other, lead to missed delivery schedules because the inventory the count promised does not exist. Preventive maintenance could even be skipped or postponed in an effort to “catch up” to the false data, so equipment damage could follow as a secondary effect.
Given these potential security holes, if your company’s task is to design new hardware for industrial environments, your customers’ security needs must be paramount. The conundrum, however, is that you can’t rely solely on engineers and IT personnel to keep equipment secure for generations as computer hardware evolves. In fact, as a former manufacturing engineer myself, I’m certain that many engineers wish they still had physical serial and parallel ports on their notebooks, and I would be very surprised if there aren’t computers still running processes that say “Windows 3.1” (or earlier) when a screensaver is displayed. Despite these challenges, industrial products must be and remain rock-solid security-wise, with an end-to-end approach so that a compromise of one node of a system doesn’t lead to a breach elsewhere.
This kind of security-centric design does have some costs associated with it, however, and your organization may not have expertise in-house or the time to develop a security system from the ground up. The good news is that your company doesn’t have to start from scratch—and probably shouldn’t. Maxim has been involved in digital security for the last 30 years, including producing hardware for critical point-of-sale (POS) terminals, and its MAXREFDES155 DeepCover Security Reference Design is ready for integration into your application.
This reference design uses a DS2476 DeepCover® ECDSA/SHA-2 coprocessor on the base shield to verify that the secure signals from the corresponding sensing endpoint—which uses a DS28C36 DeepCover ECDSA/SHA-2 authenticator—are legitimate. Security is built into the hardware at the chip level, so, barring a physical swap of the hardware at both points, there is no known way to spoof this type of arrangement. This means that you can develop the type of hardware that you’re best at while integrating world-class cryptographic protection from Maxim.
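As an added illustration, not code from Maxim, from the reference design, or a model of the DS28C36/DS2476 wire protocol, the following Go program shows the shape of the challenge-response authentication the paragraph describes: the verifying side keeps only an enrolled public key, issues a fresh random nonce for every query, and accepts a sensor reading only if the endpoint’s ECDSA (P-256, SHA-256) signature over nonce, device identity and reading verifies. The device id `sensor-01` and the reading values are constructed sample data. The same check is what gives a data source such as the bar code count discussed earlier its integrity, and the program also exercises the three cases a verifier must reject: an altered reading, a replayed earlier response, and a device whose key was never enrolled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Endpoint models a sensing node holding a device-unique ECDSA private key. On a
// hardware authenticator the key never leaves the chip; this in-memory copy is a stand-in.
type Endpoint struct {
	ID   string
	priv *ecdsa.PrivateKey
}

// Host models the verifying side: it holds only enrolled public keys, no secrets.
type Host struct{ enrolled map[string]*ecdsa.PublicKey }

// Response is what an endpoint returns for one challenge.
type Response struct {
	ID        string
	Nonce     [16]byte
	Reading   uint32
	Signature []byte // ASN.1 DER ECDSA signature over digest()
}

// NewEndpoint generates a fresh P-256 key pair for a device.
func NewEndpoint(id string) (*Endpoint, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Endpoint{ID: id, priv: k}, nil
}

// PublicKey is the only key material a device exports, once, at enrollment.
func (e *Endpoint) PublicKey() *ecdsa.PublicKey { return &e.priv.PublicKey }

// digest binds nonce, device identity and reading into one SHA-256 hash so that
// none of them can be altered independently of the signature.
func digest(id string, nonce [16]byte, reading uint32) []byte {
	h := sha256.New()
	h.Write([]byte(id))
	h.Write(nonce[:])
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], reading)
	h.Write(buf[:])
	return h.Sum(nil)
}

// Answer signs the host's nonce together with the current reading.
func (e *Endpoint) Answer(nonce [16]byte, reading uint32) (Response, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, e.priv, digest(e.ID, nonce, reading))
	if err != nil {
		return Response{}, err
	}
	return Response{ID: e.ID, Nonce: nonce, Reading: reading, Signature: sig}, nil
}

func NewHost() *Host { return &Host{enrolled: map[string]*ecdsa.PublicKey{}} }

// Enroll records a device's public key (a trusted provisioning step, not a field action).
func (h *Host) Enroll(id string, pub *ecdsa.PublicKey) { h.enrolled[id] = pub }

// Challenge draws a fresh random nonce; issuing a new one per query is what defeats replay.
func (h *Host) Challenge() ([16]byte, error) {
	var n [16]byte
	_, err := rand.Read(n[:])
	return n, err
}

// Verify accepts a response only if the device is enrolled, the nonce is the one
// just issued, and the signature verifies over every signed field.
func (h *Host) Verify(expected [16]byte, r Response) error {
	pub, ok := h.enrolled[r.ID]
	if !ok {
		return errors.New("unknown device: not enrolled")
	}
	if r.Nonce != expected {
		return errors.New("nonce mismatch: stale or replayed response")
	}
	if !ecdsa.VerifyASN1(pub, digest(r.ID, r.Nonce, r.Reading), r.Signature) {
		return errors.New("bad signature: forged endpoint or tampered reading")
	}
	return nil
}

func main() {
	ep, _ := NewEndpoint("sensor-01") // constructed device id
	host := NewHost()
	host.Enroll(ep.ID, ep.PublicKey())
	nonce, _ := host.Challenge()
	resp, _ := ep.Answer(nonce, 1234) // constructed sensor reading
	fmt.Println("genuine: ", host.Verify(nonce, resp))
	tampered := Response{ID: resp.ID, Nonce: resp.Nonce, Reading: 9999, Signature: resp.Signature}
	fmt.Println("tampered:", host.Verify(nonce, tampered)) // value altered in transit
	later, _ := host.Challenge()
	fmt.Println("replayed:", host.Verify(later, resp)) // old response, new nonce
}
```

The design point is that the host never needs the endpoint’s secret: a public key captured at provisioning is enough to reject forged, altered and replayed responses, which is why the private key can stay locked inside an authenticator chip for the multi-decade service life discussed above.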
While we as engineers will never be able to prevent every possible intrusion into an industrial environment, using hardware designed with security in mind goes a long way towards this goal. It’s a concept that hardware designers need to embrace, and one that those responsible for keeping the machines running would be wise to consider when specifying new or retrofitted equipment.