The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
How Locally-Sourced, Intrinsically-Secure Components Keep the Supply Chain Secure
June 27, 2019 | Sam Galpin
Bedrock Automation anticipated the possibility of supply chain counterfeiting and contamination when we designed the system five years ago and have addressed the issue in multiple ways: One is to make authentication and encryption intrinsic into the system electronics, throughout the signal path. This makes Bedrock systems impossible to counterfeit. Another approach is to build the electronic components ourselves, which provides total supply chain transparency.
Intrinsic cyber security begins at the silicon level. Secure computing requires a tamperproof startup process. The first code the processor executes cannot be encrypted. Protecting this code with signatures or checksums doesn’t help because if it can be tampered with, the checks come too late. This initial code must be built into the microprocessor chip. Later phases can use code that is signed and encrypted, but this again requires special silicon features to protect the secret keys. Intrinsic security rests on a foundation laid at the silicon level.
At the silicon level, Bedrock has the unique visibility and control over its silicon supply chain that comes from designing and sourcing custom manufactured chips. Bedrock circuit boards are made and assembled in the United States. All components are carefully sourced. The origin and lot number of every part from microprocessors to resistors on every circuit board is tracked in Bedrock’s manufacturing database. Each board has a unique serial number.
All boards are tested using custom test fixtures and software. The final assembly of modules is done at a secure facility. This is the point in the process at which each module is loaded with real production software and its unique package of cryptographic certificates and keys bound to immutable features of its silicon. These key packages are generated by a special high-security computing system and loaded directly into the modules by an automated process. Each module now has its full cryptographic identity. It cannot be cloned or counterfeited. The module next goes through a first heat soak test. If all goes well it is sealed into its tamper-resistant case and put through a final heat soak test. Although very few control system vendors manufacture their own chips and have this level of visibility, all are increasingly applying quality control standards.
- For a related article on how the US Cybersecurity Infrastructure Security Agency (CSIA) has elevated the importance of supply chain cyber security see: Supply Chain and ICS Cyber Security Rising on National Critical Infrastructure Agenda
- For more information on how supply chain security is rising in the automation industry see: Supply Chains Under Attack