The Concept of Physical Enforcement of Cybersecurity Functions
07 Jun 2017
A short while back, I was asked to speak at an event held by The Cyber Resilient Energy Delivery Consortium (CREDC), a research and development initiative funded by the U.S. Department of Energy. Its research focuses on cybersecurity and cyber-resiliency of energy delivery systems for the electric power and oil & gas industries. I’d like to share here a part of my contribution to this forum.
The future of combined software and hardware cybersecurity products seems to be fertile ground. While software-based cybersecurity measures such as firewalls and cryptosystems have been around for the past 30 years, hardware-enforced security is still a relatively new field. The rapid pace of innovation and vast reach of the Industrial Internet of Things (IIoT), as well as other computer-controlled physical environments, presents an opportunity to establish a new field of research, development, and commercialization for hardware-enforced security.
Take a simple example in the IoT space – a home appliance manufacturer designs a stove which can connect to a home area network. The appliance manufacturer may design the stove to report power usage to the Internet, and provide the ability to remotely power on and off the stove, in case we leave the house having forgotten to do so. The problem is that if the CPU driving the touch screen and turning on and off burners is the same CPU reporting to the Internet, then there is a real risk that this CPU will be compromised. This would permit malware or a remote attacker to turn on the burners at dangerous times – such as 2AM, when nobody is awake and flammable materials may have been left resting on the stove.
To address this risk, the stove would need to be built with at least two CPUs – one exposed to attack on the home area network, and the other animating the touch screen and controlling the burners. The control hardware must be wired such that the network-exposed, and potentially compromised, CPU can send a “turn off” signal to the stove, but that network-exposed CPU is physically unable to send a “turn on” signal to anything. This way, the worst-case compromise of the network-exposed CPU results only in a stove that could turn off at random times, not one that poses a risk of bursting into flames in the middle of the night.
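The fail-safe wiring described above, modelled as an added Python example that is not Waterfall's code or any real appliance firmware: the burner controller exposes only a single "off" line to the network-exposed CPU, and an exhaustive check over every signal sequence a fully compromised network CPU could put on that line confirms that no sequence turns a burner on. The class and function names, and the level-triggered "off" line, are assumptions of this model.

```python
from itertools import product

# Constructed model, not Waterfall's code. The safety-side CPU owns the burners
# and exposes exactly one wire to the network-exposed CPU: a level-triggered
# "off" line. There is no "on" wire for the network side to drive.

class BurnerController:
    """Safety-side CPU. Only the local touch screen can energize a burner."""

    def __init__(self):
        self.burner_on = False

    def touch_screen_press(self, want_on: bool) -> None:
        # Physical local input: the only path that can set burner_on = True.
        self.burner_on = want_on

    def network_off_line(self, level: int) -> None:
        # The single wire from the network CPU. A high level forces the burner
        # off; a low level is ignored. No branch here ever turns a burner on.
        if level:
            self.burner_on = False

def compromised_network_cpu(ctl: BurnerController, signals) -> None:
    """Worst case: the attacker fully controls the network CPU and drives its
    one output wire to any levels in any order. It has no other connection."""
    for level in signals:
        ctl.network_off_line(level)

def attacker_can_ignite(max_steps: int = 6) -> bool:
    """Exhaustively try every wire sequence up to max_steps, starting from a
    burner the homeowner left off. True means the hardware constraint failed."""
    for n in range(1, max_steps + 1):
        for seq in product((0, 1), repeat=n):
            ctl = BurnerController()
            ctl.touch_screen_press(False)
            compromised_network_cpu(ctl, seq)
            if ctl.burner_on:
                return True
    return False

def remote_off_works() -> bool:
    """Intended benign use: burner left on, network CPU asserts the off line."""
    ctl = BurnerController()
    ctl.touch_screen_press(True)
    compromised_network_cpu(ctl, [1])
    return not ctl.burner_on
```

The same check applied to a single-CPU design, where one controller both talks to the network and owns an "on" path, would return True for the first sequence tried, which is the whole point of the two-CPU split.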
This is where research opportunities for organizations like CREDC enter the picture. What are the risks a particular industry most needs to contain? What are the potential consequences? How do internet connections pose risks to our industrial sites, or to consumer or worker safety? What kind of computer or other hardware design can address that risk? What kind of information, if any, needs to flow through the hardware? How close can we come to guaranteeing that the hardware will permit no malware or unacceptable control signal ever to be embedded in necessary control-signal flows? What kind of software do we need to wrap around the hardware, to produce a powerful, flexible solution?
As a pioneer of unidirectional security gateway technology, Waterfall Security serves as an example of such innovation. A unidirectional security gateway is a set of hardware components that are physically able to send information in only one direction, coupled with software that replicates servers and emulates devices. The hardware provides security and the software makes the solution powerful and flexible.
In recent years, Waterfall has produced a host of products based on unidirectional gateway technology, including the FLIP®, Unidirectional CloudConnect®, and Waterfall BlackBox™ products, to provide physical cybersecurity that fits every industrial business’s needs. In the last ten years, our hardware-enforced products have been deployed widely across industrial sectors ranging from energy and manufacturing to transportation and water, proving that remote online cyberattacks can be prevented. There is a whole class of analogous hardware/software security opportunities waiting to be discovered, published, commercialized and similarly deployed, to make our increasingly computer-controlled physical environment safer and more reliable.