How NXP Enables Industrial Security and IEC 62443 Compliance
IIoT adoption increases productivity and efficiency while reducing costs in manufacturing. However, such systems often open up potential attack surfaces for malicious actors if not secured correctly.
The constant progress of Industry 4.0 technology adoption enables engineers to solve complex industrial automation problems in exciting new ways. Industrial IoT (IIoT) technologies form the foundation of Industry 4.0. Each of these interconnected devices collects, generates, processes, and shares large amounts of potentially sensitive data that must be handled securely. Some of these devices, of which there may be hundreds or even thousands in an extensive network, monitor and control industrial systems in real time. As a result, they can often influence processes directly without the data needing to propagate through the entire network.
In many cases, IIoT leads to an increase in productivity and efficiency while simultaneously reducing costs in manufacturing. However, the autonomous nature of such systems also opens up potential attack surfaces for malicious actors if not secured correctly. A single compromised sensor could lead to attackers stealing sensitive data (for example, user passwords and supplier details). In a worst-case scenario, attackers could go as far as causing a complete production standstill. Therefore, implementing proper security measures is of utmost importance as all connected systems expose themselves to potential cyberattacks.
This article discusses potential cybersecurity threats and attacks on industrial infrastructure and how engineers can address these issues in their IIoT solutions using IEC 62443. This set of standards is aimed at all parties involved in building industrial systems and provides a holistic protection scheme for operation technology. Finally, the article concludes how certified components and manufacturing processes can help reach IEC 62443 compliance in new products.
Figure 1. Industrial revolutions throughout history have opened up unlimited opportunities but also exposed new security threats. The current manufacturing landscape is adopting the 4th industrial revolution (Industry 4.0) technology.
Addressing the Potential Security Weaknesses in Industrial Settings
It is estimated that cybercriminals hack around 30,000 websites daily; on average, a company falls victim to a cyberattack every 39 seconds. More than 60% of organizations globally have experienced such an attack in one form or another. Moreover, cyberattacks are costly, with the average ransomware attack causing damages of around 4.62 million USD, and the recovery process is often lengthy.
Large industrial networks may comprise hundreds of small, connected sensors that each could serve as a potential entry point to a system if not secured correctly. However, there are many more aspects that potential attackers can leverage to gain access to a system. Examples include machine-to-machine authentication, intercepting cloud communication, and WiFi network onboarding. In addition, the convergence of IT and OT traffic on a single network has the potential to open up attack surfaces for malicious actors. Infected personal computers may also pose a problem in a factory that merges OT and IT traffic.
Finally, outdated firmware brought into a system before the current prevalence of cyberattacks can pose a risk to the integrity of an industrial network. These older machines coexist in the same network as newer equipment, and the old components may allow attackers to access the system and cause production downtime.
When vulnerabilities get exposed, device manufacturers typically update affected programs and firmware, as was the case with the infamous Heartbleed bug, a buffer over-read vulnerability exposed in the popular OpenSSL implementation of the SSL/TLS protocol. This bug allowed attackers to read sensitive information, such as passwords, from a server's memory. OS and firmware vendors were quick to update their software and roll out the patches to their customers. However, where a manufacturer had gone out of business or stopped supporting a platform, the vulnerability remained present and potentially exposed more modern equipment in the same network.
Due to all these concerns, security, recovery, and updateability must never be afterthoughts; they should always be holistic considerations when designing an IIoT system. A company must adopt security as its philosophy to prevent falling victim to costly and lengthy attacks that can lead to loss of intellectual property and may damage a company's reputation.
How IEC 62443 Helps Alleviate the Increasing Threat of Cyberattacks
IEC 62443 is a set of standards developed by industry-leading security experts to provide a holistic protection scheme for operational technology in industrial automation and control systems (IACS). It describes technical and process-related aspects and comprises four blocks that address all parts of an industrial design, from the supplier level to the individual devices and components to the complete IACS.
Figure 2. Four distinct sections define the IEC 62443 standard, from general terms to component level requirements.
The first block within the IEC 62443 standard defines the terminology, concepts, and methods used throughout the standard.
The second block describes requirements for the different roles involved, such as the operators of industrial facilities. For example, part 2-1 (IEC 62443-2-1) describes how operators of automation solutions have to consider security during a plant's operation.
While part three focuses on cybersecurity measures for systems, the fourth part of the standard, aimed at embedded product suppliers, describes the technical requirements for the components in a product’s lifecycle. Besides defining technical requirements for components, this section further discusses four common component security constraints (CCSC) that a component must meet in order to comply with IEC 62443-4-2. In particular, CCSC 4, one of these constraints, states that the product must be developed with an IEC 62443-4-1 compliant process.
Further, IEC 62443 describes five security levels an IACS can achieve. The standard defines these security levels and guides protection against security violations. For example, the lowest security level, SL0, describes a system that requires no special protection. In contrast, the highest possible level (SL4) classifies a system that requires protection against intentional security violation by an adversary with sophisticated means and extended resources: for example, a group of professional hackers trying to blackmail a company into paying a multi-million dollar ransom. Each security level defines a set of requirements that a system or component must fulfill to comply with that security level. So, for example, to comply with IEC 62443-4-2 at security level three (SL3), an IIoT solution must fulfill each criterion from the following list:
Figure 3. Resulting requirements for ISA/IEC 62443 4-2 SL3. Image used courtesy of NXP, “Security Primitives Nomenclature”
Finally, it’s important to note that the IEC 62443 set of standards is very versatile, as it can be applied to components in a system (such as a single machine) or the embedded parts within a more elaborate device (for example, a single microprocessor). However, the standards also describe how to secure entire systems and facilities, regardless of whether those facilities are factories, processing plants, building automation systems, chemical facilities, or medical systems or facilities.
Orthogonal to the IEC 62443 security standards, one promising security standard for IoT platforms was first published in March 2020: the Security Evaluation Standard for IoT Platforms (SESIP). At its heart, it is a security evaluation methodology that provides independent proof of security at the hardware level (attributes like cryptographic acceleration and secure storage mechanisms) and at the software level (qualities such as user authentication).
SESIP allows IoT developers to re-use certification results, which helps eliminate the need to retest components and thereby reduce complexity, cost, and time-to-market for stakeholders. The objective is to build consistency across relevant certification schemes to facilitate product evaluation and certificate recognition.
The SESIP threat model aims to protect personal data on the device, such as authentication credentials. It also aims to protect data in transit, software code (as part of an application or platform), and data relating to product identity, configuration, system operation, and device life cycle. Five levels of SESIP Assurance, ranging from self-assessment to gradations of more stringent analysis, let device manufacturers choose the best match for their needs.
IEC 62443-4: Compliance at the Component Level
Planning and designing a product that complies with IEC 62443 requires reading and understanding many documents with hundreds of pages, which is a time-consuming and costly procedure that delays time to market and increases the cost of a product. During this process, many questions arise, and answering these questions typically requires a deep, structured understanding of the problem at hand and potential attacks and threats. However, engineers can significantly speed up the process of reaching IEC 62443 compliance.
NXP defined a set of security primitives to establish common grounds for security nomenclature in the IIoT sphere. The document describes security features on multiple levels distilled from various standards. It explains a framework that allows engineers to think about the security requirements of their products in a structured way. System designers can use this method to map certification and standard criteria and use-case requirements to product capabilities and vice versa. The framework aids engineers in selecting and integrating solutions that fulfill all their needs, for example, achieving IEC 62443-4-2 compliance in an automated way.
Besides helping engineers find components that match their security-related requirements, NXP also advances IIoT security by actively practicing a security-centered culture in their production. For example, NXP’s security maturity business process became certified under IEC 62443-4-1. In addition, specific NXP components, such as the EdgeLock SE051 secure element, are also 62443-4-2 certified and are targeted for SESIP Assurance Level 3 certification. Utilizing methods and components that are already certified facilitates compliance for larger products that integrate these components. However, incorporating compliant components alone does not automatically guarantee that a more extensive system complies with specific standards.
Reaching IEC 62443 Compliance By Using Certified Components
The NXP security primitives can help engineers find a security solution that fits their projects' needs. However, every project is unique, and so is the security solution needed. Engineers can choose from various powerful yet efficient SoCs with integrated security solutions, dedicated secure elements, or a combination of both, whichever best meets their requirements. Two prominent examples of MCUs with enhanced integrated security features include selected devices from the LPC5500 family of MCUs and the i.MX RT1180 crossover MCU.
For example, specific models of the Arm® Cortex®-M33-based LPC5500 MCUs integrate security features such as Arm TrustZone®, a PRINCE block cipher module for real-time encryption and decryption of data written to and read from the flash memory, an AES-256 encryption/decryption engine, and SRAM PUF-based unique key storage. These features allow the LPC5500 series to be used in secure edge devices in both consumer and industrial settings. Some devices in the LPC5500 family are certified for SESIP Assurance Level 2.
Finally, NXP offers various secure elements that ease compliance with IEC 62443 by implementing various security features while eliminating much of the complexity and potential errors of a custom security implementation.
In particular, the Common Criteria (CC) EAL 6+ certified EdgeLock SE050 offers root of trust at the IC level, providing strong end-to-end security for IIoT devices. This ready-to-use solution is compatible with a wide range of MCUs and MPUs. It also supports high-level operating systems such as Linux, Windows, Android, and real-time operating systems. Furthermore, engineers benefit from extensive development tools, code examples, hardware development kits, and detailed documentation to reduce development costs and time to market.
Conclusion and Outlook
Not only are industrial facilities constantly moving toward connected IIoT devices and extended cloud analysis, but cyberattacks are also an ever-growing threat to every modern company. When security is not taken seriously, attackers can steal sensitive data. While functional safety is typically not in jeopardy, recovering from such attacks is often non-trivial, lengthy, and costly.
IEC 62443 is a versatile set of standards introduced to respond to the constantly increasing threat of cyberattacks in various institutions, ranging from industrial facilities to medical use cases. To aid engineers in reaching IEC 62443 compliance, NXP introduced a framework that maps certification and standard criteria and use-case requirements to product capabilities and vice versa. In addition, some NXP production processes and devices are already certified under IEC 62443, which further helps cut down the development time and effort required to reach IEC 62443 certification.