The Boeing Company is pioneering a way to securely bring together business IT networks with what ordinarily are entirely separate networks for industrial-control systems (ICS) in order to gain efficiencies and benefits in information-sharing in manufacturing.
Boeing's approach, which has been deployed in some of its airplane manufacturing plants, is leading to a new standards effort at the Trusted Computing Group (TCG) for what could be a revolutionary type of virtual private networking that could be applied not only to manufacturing ICS in the future but the "Internet of things," as it's now sometimes called. That could mean everything from electric or traffic systems to medical equipment in hospitals to nanny cams to oil and gas controls that when accessible via the Internet, are too vulnerable to hacker attacks.
"Boeing has done a great job in ICS security," says Stephen Hanna, distinguished engineer at Juniper Networks and chairman of the TCG's Trusted Network Connect work group where the new standard, influenced by what Boeing has done on a home-grown basis in its networks, is expected to be finalised by this fall.
The IF-MAP protocol is used today to establish a database of security, device management and vulnerability information that's received and aggregated from any security product, such as intrusion-detection systems and firewalls for example, that support IF-MAP. Hanna says a couple of dozen vendors support IF-MAP today, including Lumeta with its IPSonar network-discovery tool, for example, which Juniper uses.
But what Boeing has done with the IF-MAP protocol tackles a different question: Since ICS networks have traditionally been maintained as wholly separate entities, sometimes not TCP/IP-based or only connected via leased lines, how can ICS devices be integrated into the increasingly high-speed business IT networks that are usually connected to the Internet?
There are often strong reasons to interconnect them, such as huge cost savings or a way to unite ICS devices across Internet boundaries when needed, or just for information-sharing purposes. "But it opens up a lot of security issues," Hanna points out.
Craig Dupler, technical fellow in Boeing's research and technology business unit, say Boeing understands the nature of such risk. But it was also clear that there would be a huge advantage in using the IT network there to interconnect some parts of its ICS at Boeing.
So a few years back, research engineers with expertise in networking security devised what became home-grown "black boxes" that Boeing today internally refers to as its "Control Systems Security Solution" at Boeing.
These CS3 black boxes, which support the IF-MAP protocol among other standards, basically act as proxies to protect ICS equipment by orchestrating what each ICS can connect to, whether it's another network or a device. There's a means for policy-based enforcement of encryption or identity management. It allows the IT department to manage non-IT devices on the business network but also to delegate controls to the ICS team.
"This is not a traditional VLAN," Dupler emphasises. It's a way to orchestrate what the controls-systems team can see on the network and the IT department group can see and what they are allowed to manage in a fine-grained manner. "I don't want the heating and ventilation side to see what my robots are doing, for instance," says Dupler.
Not all technical experts at Boeing share the belief this is the best way to manage non-IT devices on an IT network, Dupler is quick to point out. It's still subject to debate. But Boeing is eager to see the type of home-grown CS3 black box it came up with become commercialised for wider use over the long term.
Not only are vendors Infoblox and Juniper interested in the evolution of the concept, but a former research engineer at Boeing, David Mattes, left to start a Seattle-based firm called Asguard Networks a year ago to commercially further Being's "black box" idea. The product Mattes came up with is called SimpleConnect, which supports IF-MAP for ICS. SimpleConnect is being tried out at Boeing under limited circumstances. Asguard Networks has other early-adopter customers as well, including a Florida water utility.
The SimpleConnect box "sits between the devices that need to be protected and a shared network resource, such as a business network or wireless or the Internet or a private network in a plant that needs to be further separated," Mattes says.
SimpleConnect provides a way to orchestrate in an automated fashion the cybersecurity for industrial controls systems by placing a private network overlay on top of a shared network. Eventually, the SimpleConnect box could gain additional security functionality, such as intrusion-detection or firewalling capability, Mattes adds.
However useful the security concept that Boeing pioneered for its own network use, one basic problem is that you can end up with too many black boxes abounding in the network, Dupler acknowledges. If Boeing's approach to security for industrial controls ever catches on and becomes widespread, Dupler says he hopes this security functionality might one day be boiled down to fit inside something small, such as a network-interface card.