While IIoT opens up enormous benefits for those who embrace the technology, merging the worlds of Operational Technology (OT) with Information Technology (IT) also places it at the mercy of bad actors and hackers. Since the discovery of Stuxnet, a computer worm that targets Supervisory Control and Data Acquisition (SCADA) systems based on Programmable Logic Controllers (PLCs), in 2010, industrial automation systems have been subjected to further attacks. These attacks have caused severe damage to manufacturing equipment and plants.
Although OT systems are more obscure in their structure than IT systems, this hasn’t stopped hackers from using OT systems for executing attacks. This vulnerability has highlighted the need to tighten security, ensure that software is checked for authenticity before execution and limit who can apply changes to installed systems.
The industry has coalesced around IEC 62443, a series of standards that recognize the security needs of Industrial Automation and Control Systems (IACS), their performance requirements and risk management goals. IEC 62443-4 provides guidance for product suppliers, developers of PLCs, DSCs or networking devices and the fourth and sometimes third tier.
Devices must fulfill Foundational Requirements (FRs), such as identification and authentication control, system integrity and data confidentiality. Hardware devices, such as the ATECC608 Secure Element (SE) and TA100 trust anchor module, can be combined with any MCU or MPU. With a very low power consumption, they offer protected storage for keys, certificates or data and hardware support for asymmetric signing, verification and key agreement according to ECDSA:FIPS186.3.
If your system connects to cloud platforms such as AWS IoT Core or Microsoft Azure, you can use preprovisioned Trust&GO devices. Pre-configured devices preprovisioned with default generic certificates are also available with TrustFLEX, while TrustCUSTOM offers complete flexibility. Developers and device manufacturers benefit from Microchip’s secure manufacturing facilities, even when ordering smaller quantities of units. This SE hardware is also fully supported by the CryptoAuthLib and Trust Platform Design Suite software libraries and development kits.
One of the core challenges with embedded systems is establishing trust from the moment the first instruction of the firmware is executed. Platform root of trust solutions support cyber resiliency that anchors the secure boot process using runtime firmware protection upon which an entire chain of trust is built. This is the approach taken by devices such as the CEC17xx and MEC17xx platform root of trust MCUs.
These Arm® Cortex®-M4-based devices hold the host application processor in reset during startup as they execute an immutable secure bootloader. With this initial trust established, the host processor’s firmware is loaded, decrypted and authenticated from an external SPI Flash. If all is well, the host processor can execute its firmware. From this point on, the CEC17xx and MEC17xx devices continue to monitor SPI and I2C interfaces against unauthorized accesses or commands using the Soteria firmware that supports secure firmware updates and other advanced security features.
Security features permeate the other programmable devices offered by Microchip. These include the PolarFire® family of FPGAs and SoC FPGAs, with their cryptographically secure supply chain, side-channel-resistant crypto accelerators and Physically Unclonable Function (PUF)-based key storage. Families of MCUs such as the PIC32CM Lx family offer secure boot and Arm TrustZone® technology, which supplies both asymmetric and symmetric key cryptography and customizable certificate storage slots.
Microchip also supports developers from project kick-off thanks to Microchip University courses, such as the Cryptography Primer course that provides the required security fundamentals.
Find Out More
Microchip’s SHIELDS UP! webinar series also provides ongoing support. A collection of trusted partners is also available to provide guidance on the security issues surrounding the development of embedded IIoT systems.
