The industrial IoT is more secure than air-gapped SCADA systems, says GE CTO

The old security-by-isolation model is no match for cloud-based analytics, claims Harel Kodesh

It can come as a shock to many people that crucial infrastructure such as power stations and traffic control is run on industrial control systems (ICS) that might be 30 or 40 years old.

What's more, because of the difficulty in taking supervisory control and data acquisition (SCADA) systems offline for patching and maintenance, many rely on "air gaps" to maintain security, with the SCADA network physically separated from the malware-infested internet. However, these can be breached - the Stuxnet worm being a classic example - and other vulnerabilities such as ports being left open accidentally can provide an entry point for an attacker.

Traditional standalone SCADA and other ICS systems are starting to be replaced by the industrial internet. The industrial internet, in which systems are networked via secure gateways over the cloud, is being driven forward by companies such as IBM, Siemens and industrial giant GE, whose VP of software services Bill Ruh recently told Computing: "It's about getting better outcomes out of the machines we produce."

It is also inherently more secure, says Harel Kodesh, VP and CTO at GE.

But wait a second. Aren't we really talking about the Internet of Things (IoT) - millions of sensors streaming out data to who knows where? Don't security experts describe the 500 connected devices predicted for the average smart home as "500 open windows" because of their mix of connectivity protocols and lack of security standards?

These concerns may be valid for the consumer IoT, but not for the industrial one, Kodesh says.

The three internets

"The industrial internet is really one of a troika," Kodesh says. "There's the consumer internet à la Facebook and Google, the enterprise internet à la Salesforce, Splunk and Concur, and now the industrial internet, which is where we are."

The security vulnerabilities in the consumer internet - and by extension the consumer Internet of Things - are often down to the need for convenience at a low price, he said, as well as the rapid turnover of products.

"If you look at the IoT it gets a bit bipolar. If you think about your Fitbit you can't imagine that in a few years you'll be using the same one. At the other extreme you have devices that we deal with that are in service for 35 or 40 years and cost tens of millions of dollars. This reflects the investment that operators are willing to pay, and they are willing to pay a reasonable amount of money to protect their investment through funding this technical innovation."

These devices include locomotives, aircraft engines, manufacturing plant and wind farms, but it goes further than that.

"These are just the poster children of the industrial internet," says Kodesh. "At the other end you've got a vending machine in an airport. It's obviously much simpler than a jet engine so you don't have so many sensors, but if I want to plan an optimal route for my distributors to stock vending machines I'd like to get some information from each one of the little compartments in the vending machine. That's a good example of the lower end of the industrial internet."

At the edge

The edge devices of the consumer internet are phones, smart TVs and PCs "which are architecturally similar to the blades in the data centre that do most of the processing. They're not exactly the same, but if you take them apart they have the same kind of components".

In contrast, the edge devices in the industrial internet are very different: "They're drills, locomotives, jet engines. The first thing you need to do is protect the edge devices and make sure that no one can go in and put in rogue software and you make sure you have a very detailed audit log about who can touch the device and why. You can do this on phones too, but there's not a whole lot of demand for that."

The middle layer

The middle layer of the industrial internet - i.e. the gateway between the edge devices and the cloud - is necessarily more sophisticated than its civilian counterpart. In the consumer IoT most of the processing is done in the cloud. But with the industrial IoT that would be too slow, meaning the gateway has to handle a lot of real-time processing. As well as low latency, this has security advantages, Kodesh explains.

"In a wind farm you have, say, 100 wind turbines, each with its own controller. The wind changes in direction and intensity every microsecond and because each turbine creates turbulence which may affect the turbine behind it, you have to optimise the whole farm not just the single turbine, so you want to do this optimisation computation locally because the cloud is too far away."

Kodesh continues: "By doing this you build in an extra security layer. You can immediately see if there's any anomaly. So if a controller wakes up unexpectedly or starts getting data from an unexpected source, that's a red flag."

The cloud layer

Individual gateways are connected to others via the cloud, which allows for cross-site analytics and intelligence sharing. Because of this, and since industrial internet servers powering the cloud are optimised for security, the industrial IoT has advantages over isolating systems with air gaps, says Kodesh.

"You can have situational awareness. If you have an IP address that's trying to get into a power station in Poland and the same IP is connecting to a power station in the UK then you should check it out. If you were operating your own system then you wouldn't get that sort of intelligence. It's a bit counter-intuitive but cloud operations in our context are more secure not less secure than operating in isolation."

He continues: "The second thing is the design of the systems is 'security first functionality later'. Then we have to make sure we have enough compute capacity to guarantee performance. We also have a bunch of technology that I'd rather not elaborate on but which responds to zero-day and advanced persistent threats.

"The last thing is that within Predix [GE's industrial internet cloud platform] we have multiple layers and each layer assumes everything else has been compromised, so every layer has to authenticate itself. That's a tax we feel we need to pay. Consumer internet operators assume that consumers wouldn't approve of that. If the performance is not what you're used to it's thrown overboard. We are okay with industrial internet being a bit more bureaucratic."
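To make the two detection ideas in this interview concrete (the gateway's "red flag" when a controller wakes unexpectedly or receives data from an unexpected source, and the cloud's cross-site correlation of a source IP seen at more than one station), here is an added Python example. It is not GE's or Predix's code; the log format, site names, controller ids, IP addresses and wake schedule are all constructed for illustration.

```python
"""
Added example (not GE's or Predix's code): the two checks described in the
interview, run over constructed gateway logs.

  1. Gateway level: flag a controller that wakes outside its schedule or
     that receives data from a source not on its allow-list.
  2. Cloud level: pool each gateway's local findings and flag a source that
     shows up as unexpected at more than one site.

All site names, controller ids, IPs and schedules below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time

# Constructed gateway log: timestamp site controller event source
SAMPLE_LOG = """\
2016-03-01T02:10:00 site-pl ctrl-07 data 10.20.0.5
2016-03-01T02:10:05 site-pl ctrl-07 data 198.51.100.23
2016-03-01T02:11:00 site-pl ctrl-12 wake -
2016-03-01T09:00:00 site-pl ctrl-12 wake -
2016-03-01T09:00:30 site-uk ctrl-03 data 10.30.0.9
2016-03-01T09:01:00 site-uk ctrl-03 data 198.51.100.23
2016-03-01T09:02:00 site-uk ctrl-03 data 10.30.0.9
"""

# Constructed policy: which sources each controller should hear from.
ALLOWED_SOURCES = {
    ("site-pl", "ctrl-07"): {"10.20.0.5"},
    ("site-pl", "ctrl-12"): {"10.20.0.5"},
    ("site-uk", "ctrl-03"): {"10.30.0.9"},
}
# Constructed schedule: controllers are expected to wake only in this window.
WAKE_WINDOW = (time(8, 0), time(18, 0))


@dataclass(frozen=True)
class Event:
    ts: datetime
    site: str
    controller: str
    kind: str      # "data" or "wake"
    source: str    # source IP for data events, "-" for wake events


def parse_log(text):
    """Parse the whitespace-separated constructed format above into Events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, site, ctrl, kind, src = line.split()
        events.append(Event(datetime.fromisoformat(ts), site, ctrl, kind, src))
    return events


def gateway_anomalies(events, allowed=ALLOWED_SOURCES, window=WAKE_WINDOW):
    """Local, per-gateway checks. Returns (site, controller, kind, detail) tuples."""
    findings = []
    lo, hi = window
    for ev in events:
        key = (ev.site, ev.controller)
        if ev.kind == "wake" and not (lo <= ev.ts.time() <= hi):
            findings.append((ev.site, ev.controller, "unexpected-wake", ev.ts.isoformat()))
        elif ev.kind == "data" and ev.source not in allowed.get(key, set()):
            findings.append((ev.site, ev.controller, "unexpected-source", ev.source))
    return findings


def cross_site_sources(findings):
    """Cloud-side correlation over the gateways' uploaded findings: map each
    unexpected source to the sites it touched and keep those seen at 2+ sites."""
    sites_by_source = defaultdict(set)
    for site, _ctrl, kind, detail in findings:
        if kind == "unexpected-source":
            sites_by_source[detail].add(site)
    return {src: sorted(s) for src, s in sites_by_source.items() if len(s) > 1}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    local = gateway_anomalies(evs)
    for f in local:
        print("gateway:", f)
    for src, sites in cross_site_sources(local).items():
        print("cloud: source", src, "flagged at", sites)
```

On the constructed log the gateways each raise their own local findings (an out-of-hours wake at the Polish site, and an unlisted source at both sites), and only the pooled view reveals that the same unlisted source touched both stations, which is the "situational awareness" an isolated site cannot get on its own.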