As industrial designers incorporate remote, fully interconnected factory equipment to reduce costs and simplify maintenance, the exposure to data disruptions or system cyber attacks becomes apparent. According to the 2013 Internet Security Threat Report published by Symantec Corporation, manufacturing was the most-targeted sector in 2012 with 24 percent of all attacks, compared with 15 percent in 2011. In addition, the research detected a 42% increase overall in cyber attacks in 2012 compared to 2011. Similarly, Verizon recently released the 2013 Data Breach Investigations Report (DBIR), which found that manufacturing is the industry most targeted (33%) by those motivated by industrial espionage. In these attacks, cyber thieves were trying to access intellectual property, product designs, and trade secrets. The DBIR analyzes data from 19 organizations — covering more than 47,000 reported security incidents and 621 confirmed data breaches from the past year. The manufacturing sector is also one of 18 critical infrastructure sectors established under the United States Department of Homeland Security National Infrastructure Protection Plan to enable assessment of national, cross-sector critical infrastructure protection and resilience programs.
To deal with these potential disruptions, designers are devising techniques to protect or harden important and vulnerable elements of the industrial infrastructure. In fact, security precautions have changed the basic design goals for many industrial embedded devices. Designers are no longer motivated just to produce the simplest, lowest-cost device for each project; they must now strengthen systems with faster, more capable processors, secure data storage, and tamper-proof communications to protect the software structure and data while executing the manufacturing function. To assist in this new industrial design approach, Intel has devised an overall framework combined with state-of-the-art architecture to provide multiple security strategies that designers can employ to defend individual devices and the overall plant infrastructure.
One of the most recent security enhancement announcements is the Intel® Intelligent Systems Framework used to simplify connecting, managing, and securing embedded devices (See figure 1). The framework eliminates the man-hours spent analyzing and verifying interconnections and secure operation as new devices are added to an existing network. The framework combines processor architecture, operating systems, and other software to create ready-to-run, secure, and interoperable platforms for intelligent systems. Addressing security, the framework provides flexible recipes using scalable, off-the-shelf elements for platform, software, and data protection. For example, the firmware BIOS must be based on the Unified Extensible Firmware Interface (UEFI) specification version 2.1 or greater to enable Extensible Firmware Interface (EFI) Development Kit support for measured boot and secure boot. The framework also includes software and operational middleware from Wind River, McAfee, and Intel® for secure communications and manageability without sacrificing performance.
The framework leverages system processors with Intel® vPro™ Technology (Intel® vPro), which provides built-in hardware support for remote management, virtualization, and platform security functions. This technology allows designers to activate, reconfigure, and, if necessary, deactivate a remote embedded system. Intel® vPro™ technology capabilities are embedded in hardware so they can be accessed and administered independently from the operating system and software applications. Intel® vPro™ includes several features that provide hardware support for platform security. Intel® Active Management Technology (Intel® AMT) delivers certificate-based security that allows remote access to the embedded system for management and security tasks, minimizing attack opportunities, along with complete isolation of compromised systems for rapid repair. Intel® Virtualization Technology (Intel® VT) increases system performance and reliability with hardware support for virtualization software to safely separate and isolate security-critical applications running on the same system. In addition, Intel® Trusted Execution Technology (Intel® TXT) protects embedded devices against rootkit and other system-level attacks, using an industry-standard Trusted Platform Module device to store key encryption components and protected data.
A low-risk way to take advantage of the security features of Intel® Intelligent Systems Framework and Intel® vPro™ technologies is to integrate products that have been certified or tested for readiness. For example, Avalue subsidiary BCM Advanced Research has announced a series of industrial computers that are designed to support the framework, Intel® AMT, and Intel® TXT technologies. Based on Mini-ITX form factor motherboards, the BI255-67QMD series is equipped with the Intel® QM67 Express Chipset and supports Intel® 2nd generation Mobile Core™ i7, Core™ i5, Core™ i3 or Celeron® processors (See figure 2).
Intel Intelligent Systems Alliance members also provide a variety of off-the-shelf boards and systems that include the Intel® Intelligent Systems Framework and Intel® vPro™ technologies. For example, the Advantech AIMB-273 Mini-ITX motherboard and the Portwell PCOM-B219VG COM Express module are framework-ready products supporting industrial embedded applications. These products allow industrial designers to start new projects with pre-tested hardware and software components to ensure that devices and systems include security provisions for built-in threat management. If you are ready to start an industrial project requiring a protected infrastructure, please share your questions and comments with fellow followers of the Intel® Embedded Community.
OpenSystems Media®, by special arrangement with the Intel® Intelligent Systems Alliance