Without security, safety in the IIoT is of little value

As technology progresses and economies of scale continue to work their magic, more powerful microcontrollers are finding their way into smaller, smarter instruments. This additional processing power allows real-time operating systems (RTOS) and network stack software to run and connect the devices to the internet. But while the engineers are basking in the glow of their new IIoT device they fail to notice that they just painted a big red X on their instrument; it has become a potential target.

Imagine that the device has a sensor providing information to a control system. What happens if an electronic intruder is able to make that sensor lie, or for it to be misinterpreted, such that the controller uses incorrect values? This could have implications ranging from having little or no impact, to financial loss, all the way to the loss of life due to a plant disaster. In this case, the instrument manufacturer may have created a SIL-rated device but if you can drive a truck through their security holes, will anyone care how low the PFD is, or how high a Safe Failure Fraction the device has?

One way for manufacturers to address security needs is to look to IEC/ISA 62443 and its seven Foundational Requirements (FR). Based on how well the devices implement these requirements, one of five Security Levels (SL) will be awarded for each FR. Depending on the results of a plant/facility cybersecurity audit, different network zones and segments will be determined to require different levels of protection.

As one would expect, Security Levels start from providing no real protection and move up through protection against attackers with more sophistication, resources, skills and motivation. Depending on the nature of your IIoT device, your security needs may not be very extreme. However, if your device is the last line of defence in a safety system, then your needs ARE extreme. This IEC standard is just one set of recommendations for cybersecurity. Even if an IIoT device is not going to be evaluated against it, it still provides good advice on security features to consider.

The reality is that instrument manufacturers’ safety-related devices are designed from the beginning to meet a particular SIL rating. Their hardware and software development and management processes as well as the resulting paper trails must be up to the task to hold up to the scrutiny of audits. Companies that are capable of this level of excellence when it comes to making safe (SIL-rated) devices are also likely to be able to meet the levels of rigour needed to achieve their targeted Security Level.

With every news story about a data breach, hacking or other cybersecurity attack, the stakes get higher. The good news is that, like other engineering areas, risks can be reduced. Using security features present in modern instrumentation will help, but more importantly, ensuring their compliance can go a long way to plugging holes.

I like to believe that people are basically good and want to do their jobs properly — keeping things safe and secure. Therefore, microprocessor-based instrumentation, sensors, control systems and final control elements should be designed from the ground up to enable them in this mission. In today’s world, a device performing a critical function cannot reach its safest levels unless it is also secure.

Jonathan Berg is the Software Engineering Supervisor at Moore Industries International, where he manages a team to design and develop embedded software for instrumentation. He has over 20 years’ experience in the industry, has spent the last 10 years developing software for functional safety (SIL3) products, and has a keen interest in the evolution of the IIoT.

Image: ©stock.adobe.com/au/EtiAmmos