Bedrock Commentary on ICS-CERT Advisories
April 7, 2021 | Albert Rooyakkers
ICS-CERT Advisories for Industrial Control Systems are provided by – and can be viewed on – the Cybersecurity and Infrastructure Security Agency (CISA) website.
At Bedrock Automation, cyber security is an intrinsic function of our OSA® platform. From inception, the stated design mission is to build control systems that are simple, scalable and secure. This is what we have delivered from day one. Understand, however, that simplicity in this context is a product of meticulous engineering and complex silicon, software, supply chain and packaging technologies. The foundation of Bedrock OSA® cyber security is the root of trust and unique cryptographic identity tied to the microprocessor chips in every Bedrock device. This, however, is only possible because of the security architecture that supports it:
- Bedrock security is based on Public Key Infrastructure (PKI) technology, the cryptography architecture that enables internet ecommerce. The details of Bedrock’s PKI were developed in partnership with Green Hills Software’s INTEGRITY Security Services (ISS), a US company that specializes in the application of cryptography and PKI for military and industrial customers with emphasis on securing digital systems and supply chains. The Bedrock Certificate Authority (CA) and certificate management is hosted by a Bedrock device lifecycle management (DLM) application using high security FIPS 140-2 Level 3 certified appliances integrated in our US-based factory. The DLM includes a web portal for management of customer-specific certificates.
- The first requirement for a secure device is control of the manufacturing supply chain. All Bedrock products are manufactured and tested in the USA. Our quality management system employs rigorous lot control to provide robust traceability for the assemblies we manufacture. Final assembly, installation of production software and provisioning with each module’s unique set of cryptographic certificates and keys takes place only in the US-based Bedrock factory. After final tests, each module is then permanently sealed in a tamper-resistant metal case. If someone were to attempt to disassemble a module, they would encounter the anti-tamper metal and discover impenetrable and hardened digital semiconductors with encrypted flash memories. There are no readable keys or other cryptographic elements to exploit.
- The second requirement for a secure device is a secure boot process. This ensures that, starting from power-up, the module runs only legitimate and authenticated software. The advanced secure microprocessors deploy technologies that enable booting from firmware that is encrypted and signed. This guarantees that both installed firmware and any later updates must be properly encrypted and signed by Bedrock and cannot be corrupted in transit or maliciously modified. The boot process also loads cryptographic keys and user application programs. This tamper-proof software process lays the foundation for the Bedrock OSA® root of trust.
- The third requirement for a secure device is authentication and encryption of communications. To repeat, the OSA® platform uses the same advanced cryptographic technologies that enable ecommerce over the internet: Transport Layer Security (TLS) and PKI, which also exploit the Bedrock intrinsic root of trust. This provides mutual authentication of actors as well as encryption, and it is what gives every system module the ability to resist cyberattacks mounted by adversaries with access to the control network.
- By default, Bedrock controllers are provisioned with X.509 certificates based on a Bedrock Universal OSA® sub root. Matching credentials are included with the Bedrock integrated development environment (IDE) when it is downloaded at no cost from the Bedrock website. The communication mechanism is mutually authenticated TLS, with public credentials. Additional levels of security are provided by upgrading the default credentials to certificates based on a customer-specific root of trust. This service is available to all customers. The process requires contact with Bedrock to raise a unique root of trust and create user-specific certificate packages to be embedded in the encrypted flash. IDE certificates are then issued through the DLM web portal under the control of a designated customer administrator. The process includes a provision for creating the certificates required for secure control network communications, including OPC UA.
- Finally, it is important to understand that the foundation of Bedrock OSA® and its root of trust mechanisms are designed to evolve. Moving forward, there will be more secure role-based access and other features designed to bring OSA® closer to zero trust. Beyond that, it is essential to realize that over long time periods, cryptographic algorithms may be broken by new discoveries and may require replacement. An example is the anticipated emergence of quantum computing that could break asymmetric algorithms in current widespread use. NIST is currently working on establishing new quantum-resistant cryptography. When the new algorithms are approved, Bedrock OSA® systems will be able to deploy them into the installed base at the request and control of our users.
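
The difference between the default public credentials and a customer-specific root of trust, described in the list above, can be seen in the certificate chain check each side of a mutually authenticated TLS session performs. The script below is an added example, not Bedrock tooling or part of the original article; it uses the `openssl` command line, and every CA name, subject and file in it is a constructed stand-in (two self-signed demo roots play the roles of the shared default root and a customer root).

```shell
#!/usr/bin/env bash
# Constructed demo: CA names, subjects and files are hypothetical stand-ins.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root standing in for a trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA LEAF: create a key and CSR for LEAF, then sign it with CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# accepts ANCHOR LEAF: the chain check a TLS peer that trusts only ANCHOR
# performs on the certificate LEAF presents. Prints "accept" or "reject".
accepts() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

make_ca universal-demo   # stands in for the shared default root
make_ca customer-demo    # stands in for a customer-specific root
issue universal-demo ide-default   # credentials anyone can download
issue customer-demo ide-customer   # issued by the customer's administrator

for anchor in universal-demo customer-demo; do
  for leaf in ide-default ide-customer; do
    echo "controller trusts $anchor, peer presents $leaf: $(accepts "$anchor" "$leaf")"
  done
done
```

A controller anchored on the shared root accepts any holder of the publicly distributed credentials, while one anchored on the customer root accepts only certificates the customer's own administrator issued.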