[adsanity_group num_ads=1 num_columns=1 group_ids=8 /]

Industrial Control System Secure By Design

Inductive Automation included a number of partner companies in its Ignition Community Conference last week in Folsom, CA. Among these companies was Bedrock Automation. I’ve written about Bedrock before a few times. This trip I was looking at its display when its CEO in disguise appeared.

Why it matters: Cyber security is at the top of everyone’s mind these days. Bedrock Automation has designed a system to be secure from all parts of the supply chain.

Albert Rooyakkers, founder/CEO/CTO, was wearing a hat and sunglasses and I walked right past him. However, he came over and gave me his usual high energy explanation of the entire Bedrock system.

Bedrock Automation builds an industrial control system (PLC) that was designed from the beginning with security in mind. Not just cyber security, but also security from tampering, lightning, high-energy electromagnetic interference, and more.

Intrinsic Security begins with Strong Cryptography, then adds Secure Components, Component Anti Tamper, Secure Firmware, Secure Communications, and Module Anti Tamper.

The metal construction showcases the secure construction, just as does the design of the I/O modules and communication with the controller (no insecure backplane).

Public Key Infrastructure

Rooyakkers always gives me the deep dive into Public Key Infrastructure which leads to Hardware Root of Trust—the essential element of security in the product.

Use of asymmetric cryptography for authentication and key exchange is the basis of secure e-commerce. In the internet context, there is a critical additional piece, a root of trust at the center of an exchange. This is called Certificate Authority. Key pairs, certificates, a root of trust and interoperable algorithms together form a Public Key Infrastructure (PKI) which includes the infrastructure and policies to manage and maintain the trust. Some of the building blocks include:

• Signatures
• Transport Layer Security
• X.509 Certificates
• Certificate Chain of Trust
• Root Certificate Authority

Until now PKI has not been implemented in industrial control systems. Bedrock Automation embeds the Hardware Root of Trust in the control system. It is designed from the ground up with security in mind.
Bedrock Automation has always gone to market with systems integrators—a strategy that fits with Inductive Automation. In many remote control and SCADA systems, the two form a perfect pair.

Be Sociable, Share!

, , , , , , , ,

One Response to Industrial Control System Secure By Design

  1. Adam September 29, 2017 at 7:35 pm #

    Gary Mintchell very helpful information you share, I am from automation industry and I must suggest this great piece of content to my colleague and fellows

Leave a Reply

Follow

Follow this blog

Get every new post delivered right to your inbox.