The Critical Infrastructure Challenge: Developing and Supporting Software for the Long Term
By Gareth Noyes
Software content is increasing in every realm of technology, and has been the catalyst for the explosive growth of entirely new market sectors. The development and deployment of software at scale has matured significantly over the last decade in enterprise- and cloud-IT applications. This has been enabled, among other factors, by:
- Uniformity of computing infrastructure (think of standard PC or server platforms).
- De-coupling of hardware and software dependency through virtualization.
- Mass adoption of a few standard operating system environments (today’s world of Windows, Linux or Android compared to the many flavors of Unix or propriety workstation OSes of a decade ago).
- Adoption of cloud services or rich application frameworks and programming languages that abstract complexity and speed development.
- Lean development and deployment processes that allow rapid innovation and deployment of new software features into production environments.
In the IT domain, an entire topology of infrastructure has been defined with relatively clear processes and domains of responsibility for developing and maintaining assets. For example, it is typical for hardware and operating systems to be specified and maintained by an IT department pushing updates from their platform vendors, with applications being managed by the Independent Software Vendor (ISV) themselves through automatic updates. In such an environment, software developers can rapidly and frequently deploy new features and ensure that bugs or security vulnerabilities are addressed through on-going updates. That said, constant platform-wide modifications can also open the door to potential new security threats with wide reaching effects, since a common, non-customized version of software is often deployed across many scenarios.
The challenges of maintaining software in Critical Infrastructure (aerospace, defense, industrial, telecommunications/networking, transportation systems, etc.) are very different. Firstly, responsibility for complex hardware and software content often lies with a single critical infrastructure equipment vendor who builds a somewhat fixed-function device to perform a specific task (for example an Electronic Control Unit for braking in a car, a high-performance CAT scanner for medical imaging, or a flight management system for controlling complex avionics equipment in an aircraft). Secondly, the critical nature of many applications means that a very different approach is required to develop systems that will be deployed and maintained reliably over long periods of time. The device lifecycle here is traditionally much longer than in the IT world, and support often must be tailored to the unique needs of an equipment vendor.
While these systems also contain hardware and software, they are typically very different from the IT systems described above. Some differences include:
- Hardware platforms are often entirely or semi-custom, optimized for some combination of power-usage, performance, quality metric or price. As such, embedded systems may use a range of processor architectures, hardware accelerators or custom IO, and require software that is highly customized for that function. As a byproduct, the highly customized nature of these very specific devices also reduces the potential for any one cyberattack to have far reaching impact beyond the targeted system.
- Software characteristics that are atypical of IT systems may be needed, such as determinism, low latency, high-availability, or the ability to be certified to meet stringent regulated standards (such as DO-178C in commercial avionics systems, or IEC61508 in industrial environments).
- Critical infrastructure is often deployed with lifespans in excess of 10+ years, even multiple decades, and is often hard to access or update.
- Reliability and performance are often more highly valued than flexibility, and as such, systems are typically more static and need to be maintained as a fixed configuration over a long period of time.
Given the strict demands and long lifespan of Critical Infrastructure systems, ongoing support and maintenance for the entire lifetime of deployed devices is essential. Unlike in the IT domain, custom approaches for supporting long-lifecycle products are often required. As it is often impractical to keep devices actively up-to-date with the latest releases of available software, customers may require support for older versions, or need a snapshot (or “frozen branch”) unique to their build, maintained for them over a period of time. Even if it possible to update a device’s software, regression-testing or the complexity of product inter-dependencies could mean that a unique combination of updated software needs to be deployed, and that may require very specific migration support. Embedded software vendors have developed this know-how and unique processes, and it’s often one of the pillars of their business model.
For more than 35 years, Wind River has supported the development of Critical Infrastructure applications. Our flagship VxWorks product remains the RTOS de facto standard for companies across Critical Infrastructure segments who have zero tolerance for high-latency or system failure, and our Wind River Linux and Titanium Cloud family of products are building on this heritage for customers requiring more scalable open source solutions for edge equipment. Wind River has the mindset of keeping safety and security a high priority at every step of development and vigilantly maintaining the right practices over time. With that approach, we’ve built in security across all of our products and development processes to meet rigorous requirements across many Critical Infrastructure segments. We provide security audits and threat assessments via a consultative process to determine the type and level of security appropriate for a customer’s project. Also, our active security monitoring and vulnerability remediation process provides customers detailed analysis on the vulnerabilities, impact and the resolution.
Our product development and customer support processes have been optimized to support a broad range of hardware for highly customized deployments over long periods of time. We offer several options to provide customers support and maintenance past the normal commercial software lifecycle to ensure they can maintain the operational, safety, and security integrity of the systems deployed in Critical Infrastructure environments. We can also assist customers in upgrading to newer software versions and offer tailored migration paths.
The cadence of how Critical Infrastructure software is developed and maintained is different from IT systems, and requires a unique set of skills and infrastructure which has been part of Wind River’s DNA for decades. Nevertheless, I believe that embracing the benefits of modern IT software development and deployment is going to be required in Critical Infrastructure and will be a core competency this ecosystem will need to adopt. Stay tuned for my next blog post on this topic.