No Compromises on Security when Virtualizing Industrial Control Applications
By Charlie Ashton
As long as you select the right software platform, virtualization will bring a wide range of benefits to your industrial control application without compromising on the level of security delivered by traditional physical infrastructure. Moreover, virtualization will enhance your system-level security by enabling dynamic updates in response to emerging threats.
In industries such as energy, manufacturing, healthcare and smart buildings, there are countless examples of companies relying on industrial control systems installed twenty or thirty years ago. Increasingly, though, these legacy deployments present major business challenges such as: increasing operational expenses due to high maintenance and replacement costs; a dwindling pool of skilled technicians; limited flexibility resulting from sole-sourced solutions with proprietary programming models; slow product lifecycles out of step with fast-moving IT and mobile technologies; outdated box-level security features with no provision for end-to-end threat protection or dynamic updates.
To address these challenges, innovative companies are leveraging virtualization in order to slash their operational costs by deploying secure, robust, flexible software-based solutions as alternatives to legacy, fixed-function hardware.
With virtualization, Level 1 through Level 3 control functions are consolidated onto standard IT-class servers for significant CAPEX and OPEX savings, resulting in software-based digital controllers, PLCs, DCSs, SCADA software, HMIs, historians and applications. Updating software is significantly lower cost than replacing physical equipment. At the same time, companies can differentiate through software solutions while avoiding the cost, risk and downtime of removing and replacing proprietary hardware and software.
As companies evaluate the benefits of introducing virtualization into their systems, security is a critical factor and there are typically two aspects to consider. On one hand, software-based solutions offer end-to-end security both for the network and for the control functions, permitting dynamic updates in response to emerging threats while leveraging software firewalls, VPNs and Intrusion Prevention Systems from leading IT software vendors. On the other hand, hardware-based security functions are well understood and have a proven track record within critical infrastructure applications, so it’s important to ensure that that the adoption of virtualization does not in any way compromise the level of security compared to what’s available in state-of-the-art hardware solutions.
The Wind River Titanium Control platform addresses this need, ensuring that virtualized control functions achieve a level of security at least as high as that provided by the latest hardware technologies.
This post focuses on support for the Trusted Platform Module (TPM) function within Titanium Control. Subsequent posts will address additional security features in the platform, also summarized in the product overview.
Summarizing the background to this, TPM is an International standard, based on the Intel® Trusted Execution Technology (Intel® TXT) specification, for a secure crypto processor, originally viewed as a dedicated microcontroller designed to secure hardware by integrating cryptographic data into devices. The TPM specification was written by the Trusted Computing Group (TCG) consortium and standardized in 2009, with the latest version being TPM 2.0.
TPM offers facilities to provide measurements of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. TPM’s support of remote attestation creates a nearly unforgeable hash key summary of the hardware-plus-software configuration. TPM also offers facilities for the secure generation of cryptographic keys, binding which encrypts data using a TPM key and sealing which encrypts data in a similar manner to binding but also specifies the state in which TPM must be in order for the data to be decrypted (unsealed) and a random number generator.
Software uses TPM to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in during manufacturing, it is capable of performing platform authentication.
One of the key benefits of virtualization in industrial control applications is that it enables the software-based control functions to run on generic server platforms located on-premise, either in a stand-alone configuration or a mini data center. In either case, customers expect to be able to deploy industry-standard servers that may not include hardware TPM. Virtualization also allows Virtual Machines (VMs) to be dynamically migrated from one physical server to another, whether to eliminate downtime during software updates, to recover automatically from platform failures or to adjust resource utilization in response to changing workloads. Binding a VM to a physical TPM severely limits the scenarios under which dynamic VM migration is possible.
To address these challenges, the Titanium Control platform has introduced an industry-leading virtual TPM (vTPM) feature. The vTPM comprises a complete software-based implementation of TPM 2.0. The vTPM device is instantiated on the trusted/secure Titanium Control host (encrypted). This enables Titanium Control to manage the vTPM device and its non-volatile data securely through the VM’s lifecycle, including migrating it along with the relevant VM. The vTPM device is configured exactly the same as a physical TPM and no changes are required to the application itself, which behaves exactly as if it had booted from a physical TPM.
For industrial control applications, it is critical to ensure an end-to-end boot process that is fully secure. With Titanium Control, vTPM is a crucial element of that boot process, which runs in the Unified Extensible Firmware Interface (UEFI) mode.
The vTPM feature in Titanium Control enables Wind River’s customers to achieve the full range of benefits from virtualized industrial control functions without compromising on the security that is an absolute requirement for critical infrastructure.
This post has only scratched the surface of the features in Titanium Control, all designed to streamline the deployment and operation of virtualized industrial control applications. If you’d like to know more about Titanium Control, please check out the information online or contact us to arrange a face-to-face discussion.