Industrial security is a complicated, multifaceted challenge that cannot be solved by simply purchasing the latest technology. Instead, managing the security of industrial control systems and networks requires improving processes, tools and ultimately balancing risk.
All too often, individual Personal Computer (PC) users are the attack vectors responsible for eventually compromising an industrial facility’s entire automation infrastructure.
The advent of the Industrial Internet of Things (IIoT) has dramatically impacted the cyber threat landscape. The convergence of Information Technology (IT) and Operational Technology (OT) has also complicated industrial security in some ways. Some organizations in the critical process industries have an air-gapped requirement prohibiting users of OT systems from direct or even indirect connection to the Internet. These organizations must find ways to safeguard data access from the enterprise all the way down to the device level.
Progress of the FDT Standard
Introduced in 1998 by FDT Group (an independent, international, not-for-profit standards association), FDT® technology (IEC 62453, GB/T 29618-2017 and ISA103) standardizes the communication and configuration interface between field devices and host systems. It is regarded as the de facto integration and information exchange standard and is deployed by millions of end-users around the world.
Integration resides at the heart of any automation architecture, and FDT provides a robust solution for the integrated manufacturing enterprise due, in part, to its strong security capabilities. The standard’s comprehensive cyber security infrastructure addresses potential cyber-attacks on automation assets. FDT provides unparalleled protection when integrated in control system vendor applications and hosted within a secure IT platform.
Developing an IIoT Server Platform
In 2018, FDT Group announced the development of an FDT IIoT Server™ (FITS™) architecture that will provide a flexible platform for deployment of IIoT-based solutions. The emerging FITS specification is set to empower the intelligent enterprise with native integration of the OPC Unified Architecture (OPC UA), as well as Control and Web Services for mobile applications. FITS will enable cloud, enterprise, on-premise, and single-user desktop deployment methods to meet the needs for process, hybrid and discrete manufacturing.
The FDT Server architecture allows for integration of web-based Device Type Managers™ (FDT/DTMs™) that are digital representations of physical devices. The FDT Server will include an online repository providing end-users with convenient access to the DTMs they need for various applications. The solution also includes an OPC UA Server, WebServer and stand-alone (local) applications. The OPC UA Server allows access to DTM data with OPC UA Clients. The WebServer enables the use of DTM WebUIs on remotely connected, web-based clients on smart phones, tablets, and PCs. The WebServer also supports the use of apps that improve workforce productivity and plant availability.
FDT Group’s Architecture and Specification Working Group is integrating .NET Core/Standard to allow the new FDT Server-based architecture to be completely platform independent. This transition will result in an FDT Server architecture that is deployable on a Microsoft-, Linux-, or macOS-based operating system, which will empower the intelligent enterprise by bridging the current installed base with next-generation solutions supporting the IIoT and Industry 4.0 era.
Enhancing Security Performance
As FDT Group prepares the emerging FITS standard, an important consideration is data security for the IIoT. This issue has gained importance as FDT transitions from primarily a single-user and client/server application to a fully distributed architecture that supports browser-based clients accessing an FDT Server deployed in the enterprise, on-premise or in the cloud.
FITS will help to do away with the traditional automation pyramid. Indeed, it provides a way to “flatten” the control architecture to eliminate barriers to plant applications in need of directly accessing lower level devices in order to acquire data for analysis, operational dashboards, etc. This is made possible through flexible and distributed components designed to minimize potential security risks.
The FITS solution was also designed to meet both connected and air-gapped requirements, support virtually any automation architecture, and comply with contemporary security policies in a typical industrial operation. Furthermore, it has the unique capability of authenticating client devices attempting to connect to the server.
Developed by the FDT Group Security Team architects for consistency across different operating system platforms, FITS features robust multi-layered security and leverages vetted industry standards such as Transport Layer Security (TLS) enabling Web Sockets Secure (WSS) and Hyper Text Transfer Protocol Secure (HTTPS). The FITS security strategy encompasses:
- Encrypted communications using TLS
- Role-based user security
- X.509v3 certificates for authentication
- On-the-wire security for enabled industrial control protocols
TLS is a cryptographic protocol designed to provide communications security over a computer network. It has three basic functionalities: message encryption, detection of message alteration, and authentication between client and server. TLS ensures that all communication exchanges are fully encrypted. This enables the exchange of sensitive information while mitigating the risk of interception or alteration.
The FITS security architecture offers an optional level of security rarely seen with consumer grade TLS implementations. In addition to standard encryption and server authentication, FITS can be configured to confirm that a specific client device is authorized to communicate with the server. From an IT/OT perspective, administrators can therefore ensure that authenticated client devices have appropriate virus protection and meet other corporate security guidelines to ensure they are not the source of contamination via connection to the server.
Any authorized browser, app or application connected to the FDT Server utilizes Web Sockets, and as such, will be protected by Web Sockets Secure. WSS ensures the same depth of protection through message integrity, message confidentiality and strong authentication. At the same time, HTTPS is the secure version of Hyper Text Transfer Protocol (HTTP) over which data is sent between a browser and the FDT Server to which it is connected.
In prior versions of the FDT standard, there has always been a user authentication requirement that grants authorization to users based on a role-based security model. This approach has been effective for many years and is credited with eliminating a huge administrative burden on industrial OT organizations. Role-based security will be carried forward in the core of the distributed FITS architecture as a multi-layered security approach employing a defense-in-depth strategy. This layering of multiple security mechanisms provides a robust “belts and suspenders” approach to security.
The FDT Server’s X.509 certificate-based authentication schemes are tightly integrated with TLS to not only verify the correct server, but also confirm the client device is authorized to communicate with the server. This “triple handshake” of server, client device, and end-user authentication ensures that no impersonation, man-in-the-middle attack or other unauthorized access is permitted. The use of encryption throughout the communication architecture ensures that no one can eavesdrop on any of the communications.
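The layering described above (TLS with a mandatory client certificate, a check that the specific device is authorized, then a role check on the end user) can be sketched as follows. This is an added example, not code from FDT Group or the FITS specification; the role names, the fingerprint allowlist and all function names are assumptions made for illustration.

```python
import hashlib
import ssl

# Hypothetical role model: the page names role-based security but not its roles.
ROLE_PERMISSIONS = {
    "observer": {"read"},
    "maintenance": {"read", "write_parameters"},
}

def build_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS server context that refuses clients lacking a certificate from the trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client certificate
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # server identity
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issues device certificates
    return ctx

def device_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate, as returned by getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()

def authorize(der_cert, allowed_devices, user_role, action):
    """Layered decision taken after the TLS handshake and user login have succeeded."""
    if der_cert is None:
        return (False, "no client certificate")
    # Layer 2: a CA-signed certificate is not enough; this device must be enrolled.
    if device_fingerprint(der_cert) not in allowed_devices:
        return (False, "device not enrolled")
    # Layer 3: the authenticated user's role must permit the requested action.
    if action not in ROLE_PERMISSIONS.get(user_role, set()):
        return (False, "role lacks permission")
    return (True, "ok")

# Constructed stand-ins for DER-encoded client certificates (not real certificates).
ENROLLED_TABLET = b"constructed-der-bytes-enrolled-tablet"
UNKNOWN_LAPTOP = b"constructed-der-bytes-unknown-laptop"
ALLOWED_DEVICES = {device_fingerprint(ENROLLED_TABLET)}
```

In a live server the `der_cert` argument would come from `tls_socket.getpeercert(binary_form=True)` on the accepted connection.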
The various industrial control network organizations are moving towards a more robust security model for their respective protocols. One such example of security-on-the-wire is the newly released Common Industrial Protocol (CIP) Security Volume 8 by the ODVA organization. CIP Security coupled with FITS enables a complete solution for comprehensive, end-to-end, enterprise-wide security. The FDT Server will natively support CIP Security, linking the IT and OT security architecture with control. Security-on-the-wire will enable the control system to defend itself from unauthorized and/or malicious access. For instance, the layered approach within CIP secure EtherNet/IP™ allows users to implement EtherNet/IP with all control communications strongly authenticated, and optionally encrypted, to avert potential disruptions.
Finally, the FDT Server-based architecture can be deployed in the public or corporate cloud, allowing full replication of the server environment for instant cutover in the event of a virtual server or network failure. This improves availability, as all communications between a remote server and local control networks are conducted through a robust Virtual Private Network (VPN) tunnel or equivalent solution in order to obstruct intrusion attempts. The VPN establishes a secure connection from the cloud to an individual plant or factory while allowing redundant paths in the event of a cloud failure. It ensures that all communications between the remote FDT server and the physical plant(s) are carried in a hardened, encrypted VPN tunnel.
Integrating OPC UA Technology
A critical feature of FITS is the integration of an OPC UA Server providing the information model for enterprise level data exchange. Unlike patchwork solutions that try to gain access to some device information through OPC UA, the scalable FITS architecture natively employs an OPC UA Server allowing all devices on all networks to be accessed through the FDT Server. This capability requires no special configuration by the end-user. Any OPC UA Client that has the correct security profile can browse the entire plant project structure and access any information available from the FDT Server.
All of the well-accepted security mechanisms prescribed by the OPC Foundation are supported for the certified OPC UA Server built into the FDT Server architecture. This includes:
- Trusted Information (CIA Triad): The CIA Triad is a model designed to guide policies for IT security within an organization. The elements of the triad (confidentiality, integrity and availability) are considered the three most crucial components of security. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.
- Access Control (AAA Framework): Access Control is the way organizations control access to the network server and what services are available to users once they have access. Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which access control is set up on a router or access server.
FDT Group has taken a careful approach in developing the distributed FITS architecture to make sure that it correctly handles all the critical aspects of the CIA Triad related to data confidentiality, integrity and availability.
With growing reliance on connected systems in plants and factories, and ever-increasing amounts of data, it becomes more important for the ICS, its devices, and the data and points of connectivity to be inherently secure.
FDT Group’s FITS platform has been engineered from the ground up to provide the assurance of utmost security with flexible deployment options for the process, hybrid and discrete markets. This solution will be optimized by continued review of best practice implementations backed by FDT’s simplistic, secure-by-design approach.