A nation’s infrastructure is worth protecting. The United States designates 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21), Critical Infrastructure Security and Resilience, advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. Today’s electrical utilities face the demands of a rapidly transforming industry, including stringent security regulations and power grid management requirements, while also having to assure constant reliability and availability of power. Smart grid technologies introduce a further set of challenges: the need for visibility, security controls, and compliance with the new requirements laid out in the National Infrastructure Protection Plan[1]. BedRock provides the foundation for meeting these requirements.
Physical impacts are greater in OT, where a successful exploit can cause physical damage rather than only data loss. Grid modernization calls for more of the capabilities inherent in IT networks to be replicated in OT. The consequence is more exposure to vulnerability exploitation; commensurate with that risk, however, the added capability and functionality in OT can make it simpler to detect, contain, respond to, and recover from an incident, which in OT is a very different game than in IT.
So, how do we move to a drastically improved architecture that avoids adding multiple layers of abstraction, enables isolation and consolidation of workloads, and eases systems integration and implementation in legacy environments, all while reducing complexity and lifecycle cost?
Virtualization is a well-known approach in software-defined architectures for reducing cost and complexity while letting you innovate at the speed of software. IT adopted it decades ago. Now, with safety and security increasingly intersecting, and with cost pressure and the need to deliver innovation, it has become a widely accepted approach across all industries.
BedRock Systems™ builds its TCB[2] on virtualization, so that the up-stack application, OS, container, or microservices can be migrated without recompilation and, in the best case, with no changes at all. So what makes BedRocking™ different from the old approach? BedRock was designed from the very beginning for CPU architectures with virtualization extensions, which means less code overhead: it is optimized for the specific hardware, its protection is enforced by that hardware, and it delivers better performance as a result. To make the code trustworthy, BedRock designed and implemented it from the start with our BedRock Formal Methods Automation™ process, which builds on precise specification and proves key properties of the BedRock HyperVisor™, such as our BedRock Bare Metal Property™, which guarantees separation of workloads.
Separation is not enough. To support fail-operational behavior and cyber resilience with existing, unmodified guest operating systems and applications, we add BedRock Active Security™ to the equation. On top of the formally ensured separation, we protect the remaining attack surface (the guest operating system and its applications) from failing the mission by continuously monitoring the guests and enforcing policy that preserves their intended behavior.
The traditional approach tried to protect either the endpoint or the back end. Going truly software-defined, we protect end to end. BedRocking™ adds a formally proven guarantee that each virtualized workload is shielded from the others as if it were running on bare metal, so lateral movement between workloads through the hypervisor becomes impossible; the channels that workloads are permitted to share are governed by policy instead.
To make BedRocking even more business-friendly, we chose our open source licenses to avoid license contamination, protect your IP, and favor upstreaming over expensive forking.
Three Key Innovations for Security
- Formally proven security through guaranteed “bare metal” isolation:
Security assumes a malicious attacker and makes sure the threat model can be reduced to barely any attack surface. BedRock Systems uses formal methods across the complete virtualization stack (VMM, root task, microkernel, etc.) to prove that the design and implementation satisfy their specification, so that this stack can serve as the TCB.
- Functional safety, extended to “unintended use”:
By treating safety and security as tightly related challenges, BedRock makes sure the stack is not only safe under intended use but also secure, meaning it stays safe with a malicious attacker in mind. While the need for this sounds obvious, other systems separate the two aspects and neglect one or the other.
- Keep your workload secure, not only separated:
Separation is table stakes now. How do you then protect communicating workloads from malfunctioning due to bugs and attacks? Our Active Security lives inside the BedRock HyperVisor, whose attack surface is minimal and formally verified. With full visibility into the guest, and aware of the semantics of the guest workload, it can remediate faults and attacks through dynamic policy enforcement.
The BedRock HyperVisor can be adapted to a wide range of architectures, letting you take your existing appliances and software-define them as virtual workloads that run without change.
BedRocking the World
The BedRock HyperVisor with Active Security allows various architectures to BedRock™ critical infrastructure and remove abstraction layers. This reduces the cost of the architecture, and Active Security makes applications fail-operational. This compares favorably to costly patching after the fact and to complex appliances that add attack vectors of their own.
[1] Cybersecurity & Infrastructure Security Agency, National Infrastructure Protection Plan.
[2] Trusted Computing Base: the set of protection mechanisms within a computer system on which the trust in a secure architecture rests.