‘Trusted’ Security Effort Could Protect Factory, Embedded Networks

Security in the factory and automation sectors could get a big boost if a new industry working group is successful in its effort to create authentication and data security standards for the embedded arena.

The venture is being led by the Embedded Systems Working Group, a task force created last month by the Trusted Computing Group.

The Stuxnet virus, along with attacks over the past several years on SCADA systems, has made security in the factory and automation sectors a front-burner issue. It’s projected that there will ultimately be 50 billion embedded nodes worldwide. Of course, many of those endpoints will serve consumer and automotive users. For automation pros, however, this effort is significant, especially since it will leverage some previous security work developed for the enterprise.

Stacy Cannady, a consultant with Digital Management Inc., worked with TCG for several years when he analyzed secure IT platforms for IBM and Lenovo. He is helping the group organize its embedded program, and he acknowledges the effort is a massive one. Stuxnet notwithstanding, he said, more vertical embedded markets remain blissfully unaware of what a widespread hack of a system might mean.

“There will be a lot of pushback if you tell people they have to flush their entire inventory of low-end microcontrollers,” Cannady said. “If you tell the manufacturer of an MRI machine they ought to install a $3 component, it’s no big deal. Tell that to someone with a very simple sensor node, and it’s a nonstarter.”

The model TCG is using is that most solutions should have no impact on an end node’s hardware bill of materials. A solution must also be nearly invisible to the network and to the system integrator running the network. A solution that uses software calls from a centralized PC or server to a node, with protected storage and processing, would be ideal. The problem comes when an industry decides a solution might be too top-heavy. That could very well be true in some situations, but the outlier cases of what hackers do might surprise some vertical embedded network managers.