IIRA and RAMI 4.0Secure IIoT Applications Need Secure Application Code

Mark.Richardson@ldra.com

IIRA: Industrial Internet Reference Architecture

RAMI: Reference Architecture Model for Industrie

IIoT: Industrial Internet of Things

E-Bike

2

Security

3

Safety

4

Netherlands Cycle Path

5

UK Cycle Path

You can’t “bolt on” safety, you have to design it in.

The same is true about security in the IIOT.

6

The Internet of Things and Services

7

The “Internet of Things” (IoT) is a much used phrase, and one

full of optimism and promise

Smart Parking

Connected Water Meters

Gas Monitoring

Chronic Disease Management

Road Pricing

Telework

Connected Learning

Connected Militarized Defence

The Internet of Things and Services

8

https://www.informationweek.com

/government/leadership/internet-

of-things-8-cost-cutting-ideas-for-

government/d/d-id/1113459

US Water Utility Network

9

http://www.bbc.co.uk/news/technology-15817335

San Francisco Transit Network

10

https://www.wired.com/2016/11/sfs-

transit-hack-couldve-way-worse-

cities-must-prepare/

German Steel Works

11

http://www.bbc.co.uk/news

/technology-30575104

Ukrainian Electricity Network

12

http://www.bbc.co.uk/news/technology-35686493

Mirai Source Code

13

Default Password

1234

Distributed Denial of Service (DDoS) Attack

IoT systems are generally non critical systems such as a home thermostat, where a failure is not catastrophic

IIoT focuses more on complex industrial systems, such as power generation and transportation, which are much more demanding in terms of performance and which need to perform 24/7 with serious consequences in case of failure

Both IIoT and IoT are starting to have a huge element of machine-to-machine communications

IoT & IIoT

14

Security approach for IIoT needs to be the most

robust and highest performing system possible

Reference Architectural Model for Industry

German, French & Italian Initiative to support and strengthen the digitisation processes of their manufacturing sectors

The fourth industrial revolution: Towards intelligent and flexible production

RAMI 4.0

15

https://www.plattform-

i40.de/I40/Redaktion/EN/Downloa

ds/Publikation/rami40-an-

introduction.pdf?__blob=publicatio

nFile&v=4

IIRA

16https://rti.wistia.com/medias/8ma88ry3mw?embedType=async&videoFoam=true&videoWidth=640

Industrial Internet Reference Architecture

Enables Industrial Internet of Things (IIoT) system architects to design their own systems based on a common framework and concepts

IIRA and RAMI 4.0

17

IIC Functional

Domains and

Viewpoints

Reference

Architecture

Model for

Industrie 4.0

Umsetzungsstrategie Industrie 4.0 –

Ergebnisbericht, Berlin, April 2015

Industrial Internet

consortium –

Industrial

Internet

Reference

Architecture version

1.7. 4th June, 2015

Middleware

18

http://blog.iiconsortium.org/2016/07/applying-the-iira-to-the-iics-microgrid-testbed.html

• Applying the IIRA to the IIC’s Microgrid Testbed, deploying

DDS (Data Distribution Service) as a middleware solution

The Swiss Cheese model

19

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1117770/

There is no simple, “one-stop” answer to the security

conundrum. Cyber-security depends on vigilance in every part

of the architecture, the design, the development process,

including:

• Secure boot

• Domain separation

• Least privilege design principles

• Minimisation of attack surfaces

• Secure coding techniques

• Security focused testing

• Responsive maintenance processes

It is imperative that all critical application code is

written with security as a primary focus

Writing

Secure

Code

Build Safe and Secure Application Code

Use a Secure Coding Standard

Reduce Code Complexity

Define Safety Requirements

Requirements Tracing

Requirement Based Testing

Measure Structural Coverage

21

There are databases that track the security vulnerabilities and exposures. For many years now, all recorded exploits and vulnerabilities have been captured in a variety of databases, including: CVE – Common Vulnerabilities & Exposures (cve.mitre.org)

OSVDB – Open Source Vulnerability Database (osvdb.org)

SANS Institute - SysAdmin, Audit, Network, Security(www.sans.org)

OWASP - Open Web Application Security Project(www.owasp.org)

Tracking Security Vulnerabilities

22

Learn from Experience

Computer Emergency Readiness Team

CERT

23

Validate Inputs Validate input from all untrusted data sources. Proper input validation

can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environmental variables, and user controlled files

Heed compiler warnings Compile code using the highest warning level available for your

compiler and eliminate warnings by modifying the code. Use static and dynamic analysis tools to detect and eliminate additional security flaws

Keep it simple Keep the design as simple and small as possible. Complex designs

increase the likelihood that errors will be made in their implementation, configuration, and use

Top Secure Coding Practices

24

Use effective quality assurance techniques Good quality assurance techniques can be effective in identifying and

eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions

Adopt a secure coding standard Develop and/or apply a secure coding standard for your target

development language and platform

Top Secure Coding Practices

25

Source: https://www.securecoding.cert.org

Secure Coding Standard: MISRA C:2012/AMD1

26

Validate Inputs

Static analysis can be performed on the code and a number of metrics measured such as: Number of lines of code

Number of exit points

Fan in / Fan out

McCabe Cyclomatic Complexity

Keep It Simple

27

Example of High Complexity

28

Impossible to understand, maintain or test

IEC 61508 and Security

29

• IEC 61508 addresses security related safety risks just like

any other safety risks, and demands safety goals and

requirements to deal with them

Thermostat Safety Requirements

30

Design in Security

Build Safe and Secure Application Code

Define Requirements • Definition of safety and security requirements

Requirement Based Testing

• Requirement Coverage

• Impact Analysis

• Bi-directional Traceability from requirement to source code

31

Build Safe and Secure Application Code

Coding Compliance and Quality of Code

• Finding safety and security vulnerabilities

• Maintaining the quality of code

Functional Testing

• Ensuring correctness of function

• Robustness testing

Structural Coverage

• Achieving an appropriate level of code coverage

32

Requirement Traceability

33

Bi-directional traceability between requirements, test

cases, and source code

Traditional Security Market - Testing

34

Reactive

Coding Executable Testing

Not Dependable

Not Trustworthy

(Malicious Logic)

Not Resilient

No Guidelines

No Risk

Mitigation

Mostly Agile

Performance Tests

Penetration Tests

Load Tests

Functional Tests

Prevention is Better than Cure

35

Process remains same, additional considerations need to be addressed

Proactive

Coding Executable

Testing

Code Reviews

Functional Tests

Structural Coverage

(No Malicious Logic)

Security Tests

Security Risk

Assessment Drives

Security Guidelines

Agile/V/Waterfall

Dependable

Trustworthy

Resilient

Structural Coverage

36

Once all the High Level Tests have been executed, any code that remains un-exercised should be either removed, (if deemed to be dead-code), or new tests created to exercise it, or if in the case of defensive code (for example checking that a pointer is not null) then unit tests can be created to achieve 100% structural coverage

Structural Coverage Gap Analysis

37

Summary

Security has to be designed in

Multiple layers of defence

Safety Requirements

Secure Coding Standard

Requirements based Testing

Requirements Tracing

38

.com

Need more information?

info@ldra.com

Contact Us

39

Q A&

Any Questions

40