Shaping the Industry 4.0 Landscape with Decentralized Cyber Resiliency
Posted 01/27/2023 by Eric Sivertson, Vice President, Security Business
The past decade has brought about some incredible innovations to the industrial technology sector. From artificial intelligence and cloud computing to the Internet of Things (IoT) and 3D printing, these advancements are all part of Industry 4.0 – the fourth industrial revolution that focuses heavily on interconnectivity, automation, and real-time data.
Due to this increased interconnectedness, particularly between sectors like technology and manufacturing, Industry 4.0 has also had a massive impact on cybersecurity. With valuable data and information being transferred through the cloud and across Infrastructure Technology (IT) and Operation Technology (OT) systems, malicious actors are eager to attack.
With this growing influence of Industry 4.0, Lattice focused our latest security seminar on the trends we’re seeing in the industry and the new standards that are developing. If you missed the live event, you can watch a recording of the "Industrial Cybersecurity Trends and Standards in FPGAs" seminar here, or read on for highlights from the discussion.
Cybersecurity Trends: A shift to decentralization
The biggest trend we’re currently seeing in cybersecurity is a transition from the Citadel process of security to a more decentralized process. The Citadel model utilizes more centralized computing and a defined perimeter. This model is a lot like a castle on a hill where everything outside the perimeter is at risk, everything on the inside is safe, and access is highly controlled.
The new method of cybersecurity is different – it’s more focused on Edge and decentralized computing. While decentralized security might seem more exposed and easier to access, it actually shrinks security measures down to the low level parts of the system, allowing for increased protection and the possibility of real-time reactions to incoming threats.
As this shift transpires, there are four key areas of increased importance, particularly in the Industrial market: Root of Trust (RoT) products, cyber resilience, supply chain security, and the merging of IT/OT.
RoT products are designed to be reliable from the time they power up to the time they power down. They are prime examples of “CIA” (confidentiality, integrity, and availability) as they have a dedicated cryptographic and asymmetric engine to protect code from being erased, read, or rewritten, and utilize digital signatures to ensure the code utilized is the right code. RoT products are unique so they’re harder to clone. They have a unique ID so only the part itself can encrypt or decrypt what’s in the memory, otherwise information is locked off. Essentially, RoT products shrink the old “castle on a hill” down to the hardware level.
Second, as firmware attacks grow exponentially, hackers are taking advantage of low-level hardware more and more and cyber resiliency becomes incredibly important. Cyber resiliency is continuously delivering an intended outcome despite adverse cyber events, like being attacked. Every system must have multi-channel, simultaneous, real-time protection of all components, where many are turning to automated systems that can protect, detect, and recover in real time.
The third trend we can expect to see is greater supply chain security. By nature, the supply chain is a target for hacking and attacks as developers must share critical information – like intellectual property, software, register transfer level (RTL) code, and crypto keys – with other entities in the supply chain. This transition from one to the other increases vulnerability. However, using tools like Lattice SupplyGuard can strengthen supply chain security by making it more difficult for attackers to capitalize on this process. By using SupplyGuard, customers can ship out locked parts and remove IP or keys from the parts, ensuring that manufacturing is not part of the security process.
Lastly, we can expect to see a merging of IT and OT. This provides more protection for industry networks and often develops firewalls between IT and OT, allowing more end-to-end security.
As more and more businesses transition their security models to more decentralized processes, FPGAs are a great way to weather what is coming and change the paradigm of Edge computing. FPGAs are a useful tool as they can help monitor traffic in real time, look for inaccurate transactions or rogue situations, and can carry out these actions on multiple channels at the same time. FPGAs also enable developers to check authenticity and make sure everything is running according to plan and, if not, provide the ability to go into recovery mode and make sure the part is working properly. FPGAs like Lattice MachXO5™-NX are key RoT tools that secure networks in real time and can protect, detect, and recover quickly.
The New Standards
With the shift to a decentralized process, new standards are being defined and set. In the server community, we see National Institute of Standards and Technology (NIST) 800-193 and the Trusted Computing Group (TCG) CyRes becoming increasingly important.
Additionally, Open Platform Communications Unified Architecture (OPC UA), which addresses key security issues, is becoming more popular due to its ability to verify functional profiles, define secure communication on secure hardware, help set up cyber resilience with a cycle of protection, detection, and recovery functions, and more.
Lastly, International Electrotechnical Commission (IEC) 62443 is a key standard that protects suppliers, like Lattice, and helps to define requirements and compare implementation. Additionally, IEC 62443 can be a foundation to build cyber resilience with a cycle of protect, detect, recover.
The Future of Cybersecurity
With the evolution of Industry 4.0, it’s becoming increasingly clear that the question is not if, but when, you will experience a cyberattack. Thus, it’s critical that companies begin transitioning to decentralized cybersecurity methods.
FPGAs are a key tool that can help protect information, intellectual property, products, and more. To hear more about how Lattice FPGAs can help bolster your cybersecurity, be sure to watch the discussion or reach out to speak with our team.