On October 17th and 18th, I visited the German developer conference heise devSec in Heidelberg. Despite the mainly web-centric orientation, the convergence of IT and OT (operational technology) was a hot topic.
A number of speakers, including Mikko Hyppönen from F-Secure in his keynote, outlined the risks of insecure IoT systems. The stories were all quite similar: manufacturers of OT devices such as building automation controllers or jacuzzi monitoring systems want to become part of the "Internet of Things".
So they go ahead and tack an HTTP server with a fancy Web GUI onto their product. Usually, these stories conclude with hackers taking over the box and all of its attached peripherals (think: chlorine dispenser), plus compromising the customer’s network.
By pure coincidence, I also used the very same example of a Process Logic Controller (PLC) in my own talk. The core concept I presented was a "fill-in-the-blanks" security architecture template for systems based on a Separation Kernel such as PikeOS.
This document originates from the certMILS project, is open source and you can download it here. It will help you with partitioning your system into zones with different criticality, defining communication channels and identifying attack paths. The template also provides guidance in case you need to certify your system according to Common Criteria or the industrial IT security standard IEC 62443. Have a look at my slides as well to get a better impression of what Separation Kernels can do for your security architecture.
In the end, visiting the devSec was a valuable and pleasant experience. 100 to 150 people attended my talk and asked some interested and deep questions afterwards. This shows that there is a growing motivation for trying out new paths to tackle the notorious IoT security problems.
Please also have a look at my latest whitepaper about “Security-by-Design in Industry 4.0”. It can be downloaded here.