Industrial controllers are becoming more and more intelligent every day. The highly specialized, often custom components of the past are being replaced by generic industry PCs or smaller ARM-based embedded devices whose functions are not just dependent on what their hardware allows, but also on how they have been programmed. The same hardware can operate an industrial loom, regulate the turbines of a power plant, or move data from barcode scanners to fieldbusses. All of this is integrated and connected for remote maintenance. It is just a matter of the right programming. Such versatility is a great cost-saver and a guarantee of maximum flexibility, but it also creates new challenges for the security of these IT systems.
These small computers have come to be known as embedded devices. Two decades ago, the concept of Programmable Logic Controllers (PLC) replaced the old fixed relay systems. As the devices are spread around the facilities they control, they are often interconnected for easier maintenance and supervision. More and more sensors are also included in these networks. One typical example is a smart meter that reports consumption levels to higher controllers in real time.
Using IT components made this a workable and inexpensive option for the manufacturing industry, marrying the disciplines of mechanical engineering and IT. Manufacturing 4.0, the Internet of Things, and the much-vaunted cloud are just a few of the many buzzwords in the industry. PLCs in production plants are linked with servers in the order processing department. Developers send their designs directly to the toolmaking machines. Managers can watch their production reports in real-time dashboards, even if they are continents away from the actual factory. This new type of system has been called a “cyber-physical system”.
Much of this has become an everyday standard. What is new is that components are not operated in isolation, but vertically integrated from the field to the SCADA systems up to MES at the top.
Manufacturing facilities are designed to operate over long periods of time. All of the mentioned functions have grown over time. Old parts are linked with cutting-edge systems. Many of them used to operate in closed networks or rely on proprietary interfaces. Whenever the system is expanded, people care about three criteria: functionality, security, and cost effectiveness. But new functions often outpace the necessary protections trying to keep up. Too often, virus scanners and firewalls are all that people think of – two minor building blocks of a total security concept and two building blocks that are often out of place in plant automation.
The security of manufacturing facilities and industrial systems is defined primarily by the security of their perimeters. That means protecting the factory on the outside with such simple means as high fences and thick doors. Production networks are similarly fenced in and protected by firewalls against the virtual world around them. There are also internal access restrictions with doors and login-protected systems.
But experience tells us: This is not enough. Trust in secure perimeters alone is trust misplaced.
Modern IT networks have more loopholes and backdoors than ever before. From WLAN to remote maintenance or site integration and internet access to the reliance on cloud services, firewalls have many openings to allow the functionality expected and required today. Many large and medium-sized businesses have done their homework and establish strong safeguards in their networks. The attackers have followed suit and often do not come in through the front door, but rather via third parties. Germany’s Federal Office for Information Security warns of the dangers of the network connections of smaller business partners. Lacking security expertise and resources make these more prone to exploitation than the actual target of the attacker – a preferred bypass for cyber criminals.
The problem is made worse by the many unintentional holes in the fence: bugs, surplus LAN ports, unmonitored remote access and so on.
If an attacker has overcome the first hurdle, he is already in the network and can start his malicious work. There will never be a foolproof yet commercially viable network.
The Inside Man
Attacks over the net might sound impressive - a common sight in movies and everyday news, and a very real danger. However, the most straightforward and most immediate danger is too often ignored: the attack from the inside. Attackers from within do not have to overcome the outer fences in the first place. They can walk right through the door and enjoy the trust of their peers.
A recent study by VDMA, the German Mechanical Engineering Industry Association, considers malpractice and sabotage as well as the intentional injection of malicious code the greatest current threats, with online attacks trailing behind. A majority of current security incidents are caused by insiders whose motivations reach from the archetypal disgruntled employee sabotaging production facilities to the selling of internal secrets as outright industrial espionage. The results of the study show that the concept of ring-fencing businesses with sophisticated access controls is powerless to stop this.
Rolling out additional security down to the level of individual controllers (with the respective licenses this needs) is often regarded as too complicated and cost-intensive. Such security is not essential for actual operations. However, current news about the activities of domestic and international secret services, not least in the field of industrial espionage, has given this topic a new relevance. The many individual attacks on single controlling systems or entire plants and institutions often go unnoticed in this flood of headline-grabbing news. The damage caused by lacking or flawed protections far exceed the upfront investments. The established precautions need to be expanded to protect the individual components. The security concept should begin as soon as any device is turned on, using a secure boot process to make sure that the software from the operating system to the individual application and its configurations has not been tampered with. Software developers are also interested in protecting their products against piracy. Just like their peers in mechanical engineering, they want to make sure that their expertise cannot be stolen or emulated. All of these protection needs for embedded devices are covered by CodeMeter technology. Working with License Central, this makes the allocation of licenses and keys user-friendly and stops the end user from having to worry about complex CAs or cryptographically secure key exchange processes.
In the IT world, CodeMeter’s dongle solutions and hardware-based license files are a long-established and trusted option, used frequently with specialist software like CAD applications. The principle has been adjusted for the world of embedded systems, as its implementation differs considerably from the old PC-based scenario: There are more operating systems and hardware platforms, all with their own tool chains. The available system resources also matter. Add to this the constraints of real-time operations and lifecycles of 10 years or more.
Ready-made CodeMeter Embedded Libraries are available for common combinations of operating systems and processor models. These can be integrated immediately in the protected applications. In the end, the CodeMeter Embedded Drivers are ready for virtually every device that has a libc. Keys and licenses can be stored on USB dongles, SD cards, ASIC chips, or in CmActLicense files.
The market already has solutions with integrated CodeMeter technology as a simple-to-use feature for the end user, e.g. CODESYS for PLC programming or Wind RiverVxWorks 7.0. Both come with CodeMeter built into the core of their development environments, making the solution available for use without any specialized know-how. There are many other custom implementations for controllers, embedded systems, medical devices, or entire production systems, protected by CodeMeter Embedded.
Any given manufacturing plant has many different parties involved, all with their own protection needs: the makers of controllers, mechanical engineers, the producers of the components, and the actual operators. Every party has a legitimate interest to protect. Plant engineers want to protect their intellectual property from being copied or stolen. Component suppliers want their set operating parameters to be maintained for warranty reasons, and they might have a licensing system integrated with their components. The plant’s operators care about the reliability and integrity of their facilities, and they want their process data and operating parameters to stay protected. Technicians commissioning and servicing the facilities need a licensing process that does not stop them in their work. What all of these people care about is a fully secure system whose protections simply work as they should and safely hidden from view - which answers the original question of why automation needs CodeMeter.