Cyber-security extends from controls to networks and apps
Bedrock Automation, the Californian manufacturer of cyber-secure controls products, has announced a firmware upgrade that extends its cyber-security protection to networks, the Industrial Internet of Things (IIoT) and third-party applications.
The Cybershield 2.0 firmware not only allows authentication and encryption of I/O networks and field devices, it also protects compliant networks and applications such as configuration software and Scada packages.
Bedrock’s Open Secure Automation (OSA) platform, launched in 2015, initially delivered two fundamentals of cyber-defence – a secure control platform and a secure component supply chain.
“Our first objective was to deliver a hardware-based endpoint root-of-trust, which we did with the Cybershield 1.0, which was built into last year’s product release,” explains the company’s founder, chief technology officer and vice-president of engineering, Albert Rooyakkers. “Cybershield 2.0 is our next giant leap. It validates our built-in versus bolted-on technologies, and is forward- and backward-compatible.
“This 2.0 firmware upgrade demonstrates how we continuously enhance intrinsic defence and lead the digital convergence of OT cyber-security with enterprise-class technologies,” he adds.
According to Bedrock, attempting to achieve a similar level of protection with conventional, bolt-on technologies increases costs and complexity, with no certainty that this will protect against attacks such as Stuxnet or stolen credentials. Because cyber-security hardening is standard in all of Bedrock's components, the cost of obtaining the extra protection is negligible.
Bedrock created OSA as an open, secure platform for hardware, networks and software. Software developers can now apply for certificates of authorisation to incorporate Bedrock encryption keys into their software, thus giving their programs secure access to Bedrock’s controllers.
Several software suppliers are already using or testing this capability. For example, the IEC 61131 configuration and runtime engines developed by 3S (the German company behind Codesys) can now run over Transport Layer Security (TLS) with authentication to the Bedrock root-of-trust. M&M Software has followed a similar path with its FDT (Field Device Tool) frame application for configuring Hart. Later this year, Inductive Automation, with its Ignition Scada software, and other Scada suppliers are expected to follow suit.
“The increasing adoption of OPC UA, IEC 61131-3 and Ethernet standards lays a key foundation for operational and information technology domain convergence,” says Don Pearson, Inductive Automation’s chief strategy officer. “Everyone stands to benefit from improved communication among people, devices and applications, but overcoming related cyber-security concerns has taken on new urgency for many.
“Just as Ignition introduced a visionary Scada paradigm, Bedrock is revolutionising control systems-based cyber-security,” he continues. “We look forward to collaborating with the introduction and evolution of the first intrinsically cyber-secure Scada that leverages this visionary technology.”
In Florida last month, Bedrock demonstrated a technology that extends intrinsic cyber-security outside of machines through multi-factor authentication with smart cards, biometrics and role-based access management authenticated to the root-of-trust in the machine. These functions will be incorporated into Cybershield releases later this year.
Cybershield 2.0 is available now and will come as standard with all Bedrock control systems. Existing customers will receive it as a firmware upgrade.
• Bedrock has also announced a controller for users who want to protect their IP, infrastructure and human resources by restricting access to registered, company-controlled assets. The SCC.X Controller is supplied from the factory with company-unique root keys and certificates that limit connections to approved devices.