February 29, 2016
UL (Underwriters Laboratories), Xilinx, Aicas, PrismTech and other contributors join forces to provide a security and cybersecurity assessment platform for evaluating endpoint, gateway, and other networked components’ security capabilities
The Industrial Internet Consortium® (IIC) announces its first security assessment-focused testbed: the Security Claims Evaluation Testbed. IIC member organizations UL, Xilinx, Aicas and PrismTech are collaborating on the project to provide an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities. Data sources can include industrial, automotive, medical and other related endpoints requested for secure operation analysis.
IIC members will be able to connect their equipment to the testbed to evaluate the security of their devices within two different scenarios: individually on a device level, or with a system of other endpoints, gateways, etc. The options include exploration of methodology and collection of evidence to demonstrate the system operational security processes supporting the key characteristics of the system relative to evaluation of the participant’s claims. Additionally, the testbed enables the evaluation of those critical areas of an architecture pattern that need to be secured as outlined in the Industrial Internet Reference Architecture Technical Report.
Understanding the security of devices very early in product development can minimize delays for product launch. The testbed aims to enable manufacturers to improve the security posture of their products and verify alignment to the upcoming IIC Security Framework Technical Report prior to product launch to help accelerate time to market.
The testbed will be rolled out in three stages, with the first being initial deployment in a lab environment and the second in a micro-factory environment. The third phase will be determined by the growth of the testbed. The security testbed’s phased release approach provides a unique learning opportunity to evaluate security vulnerabilities at a device level as well as a system level prior to large scale deployment across many key applications driving the Industrial Internet of Things (IIoT) / Industry 4.0.
“Working to help assure the security of the Industrial Internet is a logical extension of UL’s work to support safer environments globally,” said Jeff Smidt, Vice President and General Manager of UL’s energy & power technologies division. “By offering the first IIC-approved security evaluation testbed to IIC members and the broader IIoT community, we are meeting the manufacturers’ need to address their products’ security profile early on in the product development cycle, thus enabling more efficient product rollout processes.”
“Xilinx is committed to providing the Industrial IoT industry with our latest All Programmable SoC technologies that focus on achieving the highest levels of anti-tamper, information assurance and trust capabilities,” said Lawrence Getman, Vice President of Corporate and Strategic Marketing at Xilinx. “Xilinx’s technology is at the heart of the Security Claims Evaluation testbed. By leveraging the highly flexible and configurable nature that our Programmable SoC devices provide, we enable a broad spectrum of use cases that further enhance the participants’ security claim assessments.”
“Aicas helps realize the Industrial IoT industry with secure, scalable, dynamic component-based composable, standards-based, deterministic hard real-time capable, multi-language software platforms,” said David Beberman, Chief Sales and Marketing Officer at Aicas. “Aicas’ toolchain and platform Java bytecode based technology and secure messaging technology enables component level installation and runtime authentication, authorization and IP protection for the Security Claims Evaluation testbed, and extends it with authentication, authorization and privacy to the cloud.”
“PrismTech develops secure, high performance, real-time end-to-end, data connectivity solutions for the Industrial IoT based on the OMG’s Data Distribution Service for Real-time Systems standard,” said Lawrence Ross, CEO, PrismTech. “Our technology will provide the Security Claims Evaluation Testbed with a flexible and secure Edge to Cloud data backbone that can support a broad range of participants’ security claims assessments.”
Partners Contributing to the Security Claims Evaluation Testbed:
The testbed will leverage several technologies from non-IIC constituents including: secure intelligent gateway and networking IPs providing endpoint to the cloud communication from SoC-e (System-on-Chip engineering S.L.), overall testbed monitoring with real-time analytics from Juxt.io, endpoint monitoring from PFP Cybersecurity, and programmable SOC Platforms and IP from iVeia.
To learn more about this testbed, visit www.iiconsortium.org/security-claims.
© The Industrial Internet Consortium logo is a registered trademark of Object Management Group®. Other logos, products and company names referenced in this document are property of their respective companies.