Energy
The status quo in converged Enterprise information technology (IT) and operational technology (OT) networks is physical connectivity with network level segmentation, network-based intrusion detection/prevention (IDS/IDP) predicated on insecure plaintext over-the-wire communications, or a bump-in-the-wire broker-based blockchain fabric overlay. Achieving logical trusted connectivity to implement a cost-effective and highly efficient zero-trust architecture over existing network infrastructures and in-field devices requires a paradigm shift from “cyber threats” to “cyber risks” and from “multi-layer peripheral defense” to “operational resilience at the core” for long-term desirable outcomes with application security by design.
The market drivers for massive IoT/IIoT
The convergence of IT and OT has been challenged by the dichotomy of workflows from device onboarding to provisioning, monitoring, and in-field updates. Securing device communications (east-west, north-south) in contemporary IoT reference architectures across industry sectors, alongside network segmentation models, requires a deep understanding of methods and protocols for authentication and security. Trusted connectivity to Internet based applications and Software-as-a-Service (SaaS) platforms require domain (and cross domain) roots of trust. Post quantum risks to critical infrastructures require quantum resilience by design based on emerged standards and specifications. A cost-benefit analysis for modernization with a do-it-yourself (DIY) design that entails extensive engineering, open-source components, multi-vendor commercial off-the-shelf (COTS) components, and/or simplified APIs for low coding requires a strategic balance of technology and public/private collaborations.
Data to microservices
Data (e.g., device and application intelligence, telemetry, health metrics) to applications at the edge or in the cloud requires low latency and high bandwidth. Trusted data streams to AI/ML foundries with webhooks, for richness of training data feeds, requires labels for verifiable trust using metadata markers, signatures for data authentication, and simplicity of APIs for low coding effort on devices to instrument embedded applications.
Smart Grids: Vulnerabilities & Exploits
- Insecure field level communications (intra & inter substation)
- Weak encryption algorithms
- Weak message authentication protocols
- No resilience to sophisticated cascade (tripping) attacks
- No mitigation controls for remote recovery
- No quantum safe design to tamper-proof data
- No security by design for device authentication and trusted data to microservices
- Weak supply chain provenance for field updates to the operating system, firmware, and software
- Lack of detection methods to classify OT/IoT events as true/false positives or negatives
- Weak mitigation with timeliness of security patches to prevent published exploits.
IoT Reference Architecture
The Open Systems Interconnection (OSI) model provided a reference architecture for network communications (or inter-networking) between connected things. In the modern era, the classical Purdue model for industrial control systems and the Internet Engineering Task Force (IETF) IIoT reference architecture provide a secure connectivity framework for closed (or controlled) environments. The convergence of information technology (IT) and operational technology (OT) will require a mutual trust model between open (public) and closed (private) environments for transitive trust from the first mile to the last mile, based on interoperability standards.
IoT/IIoT requires a hybrid model for “device-to-cloud” and “device-to-edge” connectivity, as compute is distributed between on-cloud and at-the-edge platforms. The economics and real-time latency considerations are driving compute to edge platforms powered by GPUs for AI/ML and remote orchestration of workloads (native, virtualized, or containerized). Mobility is driving device-to-cloud connectivity over wireless (5G).
Simplified Solution for Energy and AI/ML
Symmera’s DIN platform services offer a simplified workflow, from factory to field, for fit-and-finish in site infrastructures with online or air-gapped devices. The orchestration services may be deployed On-Cloud or On-Premises as a SaaS platform.