Barely a week passes by without worrying news of an attack on the infrastructure we rely so heavily on. Who would have thought that the availability of the most essential foundations for life on this planet is at risk? While experts have warned for decades that we need to take action, the recent incident in February 2021 in a Florida water treatment plant shows that not even access to clean water is sufficiently protected! As of writing this blog, the US Government released a specific order addressing this and other incidents. If water treatment plants are vulnerable, what about the manufacturing sector?
As stated by the US Cybersecurity & Infrastructure Security Agency: "The Critical Manufacturing Sector is crucial to the economic prosperity and continuity of the United States. A direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors."
While it is widely understood that critical assets need protection, and the various standards and NIST guidelines on the fundamental principles to build trustworthy and cyber resilient systems provide guidance, actual implementation is exceedingly difficult. There is no lack of understanding of what is needed to protect our most critical assets from cyber attacks and keep them fulfilling their duty. The key is in the implementation of that understanding.
The current focus on protecting assets directly connected to the internet covers a significant portion of the threat surface, but we must not forget that manufacturing does not happen in an isolated vault or within a security perimeter. Rather, it is connected through the Industrial Internet of Things (IIoT). Manufacturing Execution Systems (MES) and Production Planning Systems (PPS) that support activities like KanBan are interconnected, and in many cases are either running in, or linked to, the cloud. The old manufacturing pyramid with clearly isolated and segregated layers has been enhanced for direct access to data for planning and maintenance purposes.
The impact is that security is becoming a significant cost factor in manufacturing. According to research from Dragos Inc., the following threats are increasingly putting our supply chains at risk:
- Ransomware with the ability to disrupt industrial processes is the biggest threat to manufacturing operations. Adversaries are increasingly adopting ICS-aware mechanisms within ransomware that could stop operations.
- Disruptions within manufacturing industrial processes have supply chain implications that impact businesses and potentially operations elsewhere.
- The theft of proprietary and confidential manufacturing process details – often considered intellectual property – remains a high risk for manufacturers.
So, while we do know how we can protect our critical industrial infrastructure, the fact remains that it is still widely vulnerable. The huge amount of legacy in the installed base, combined with significant cost pressures, prevents a return to the drawing board for complete system redesigns with a focus on security.
The impact is that traditional Compute Stacks remain exploitable and are not trustworthy. Continued building on non-trusted platforms is extending the common problem of security we experience every day. Additionally, the cost of protecting our infrastructure, while significant, is substantially less than the recovery cost associated with being hacked again. Compounding the problem, every added layer of security that is built on the same underlying compute stack adds complexity, in addition to adding to the attack surface.
A practical path to secure the existing infrastructure includes approaches such as the DoD Zero Trust initiative, which is based on securing existing assets but implies that there is no trusted security perimeter. In effect, every communication and exchange action is based on the assumption that the counterpart has to be authenticated and authorized every single time to build trust for a transaction.
BedRock is going even further by extending the application of the Zero Trust Design™ paradigm down to its very core – in the code: every resource in our capability-based system requires an explicit action to gain access to it. A resource created by one part of the code is inaccessible and invisible to the rest of the system, unless a specific component has been granted access by being given a specific capability for that resource. This defense-in-depth design ensures least privilege and least functionality at every level in the system, going as far as providing maximum separation at the virtualization layer, where every running guest is allocated its own Virtual Machine Monitor (VMM) to ensure maximum separation between consolidated unmodified assets.
The provably secure BedRock HyperVisor™ (BHV™) is not only driving secure SWaP-C and modernization initiatives by providing the strongest possible guarantee for separation based on a formally verified Bare Metal Property™, but also protecting existing software and applications with deep semantic behavioral analysis grounded in Active Security™ that allows you to lock down your assets and prevent an attacker from taking control of your critical asset.
Foundational kernel integrity protection, combined with the ability to configure fine-grained policies and application-specific policies without modifying the OS or the application, enables the business case to securely modernize infrastructure with virtual appliances in a Software Defined Architecture.
All of this happens from within the provably secure BHV™, which minimizes the attack surface and meets or exceeds even the most stringent security needs without the need to rebuild or recompile the existing OSes, applications or services.
If you have assets you want to get BedRocked, have a requirement to optimize your CAPEX and OPEX costs, or need to unlock your service agility by adding the trust needed for deployed and cloud-based applications participating in the IIoT opportunity, get in touch with us.
We are happy to discuss how your brownfield and greenfield projects can be made safe and secure at the same time, while crushing abstraction layers and cost.