feature article
Subscribe Now

Security and Safety

Not Independent Considerations

Security and Safety: they would seem to be separate system considerations. Security is the flavor of the year, with everyone belatedly signing on to its importance (even as Yahoo announces another BILLION accounts hacked). Safety, on the other hand, is generally relegated as an issue to those systems that can cause harm. That’s traditionally been military and aerospace, largely; we can now add self-driving (or even driver-assisted) cars to that august community.

But it’s funny: in so many conversations that I’ve had recently, security and safety seem to coexist in the same discussion. When the Barr Group did their annual survey, the deep dive topic wasn’t security or safety; it was security and safety. In fact, one of the significant “security” concerns identified by respondents was “injury or death,” a consideration that usually falls under “safety.”

At the recent ARM TechCon, in addition to the Barr Group, I also spoke with Green Hills and Express Logic. In both cases, security and safety were primary topics. Why is it that these two seemingly independent issues end up being treated as siblings so often?

Our main focus here will be the Industrial Internet of Things (IIoT). In particular, the Industrial Internet Consortium (IIC) released their Security Framework (IISF): a comprehensive document baselining security thinking for industrial systems. And they define a broader concept that they call “trustworthiness,” comprising five underlying notions:

  • Security (we more or less know what this is)
  • Safety (also familiar);
  • Reliabilty (“…the ability of a system or component to perform its required functions under stated conditions for a specified period of time.”)
  • Resilience (“…the emergent property of a system that behaves in a manner to avoid, absorb and manage dynamic adversarial conditions while completing the assigned missions, and reconstitute the operational capabilities after causalities.” Basically, if something goes wrong, it can bounce back); and
  • Privacy (specifically, “…the right of an individual or group to control or influence what information related to them may be collected, processed, and stored and by whom, and to whom that information may be disclosed.”)

So, in this view, security and safety have company in the other three considerations. We also often see security and privacy combined together, although a moment’s thought will reassure us that companies with completely secure networks can protect or violate privacy independently of that security.

So what’s going on here? An interesting view on this (and one formalized in the IISF) is that we’re seeing the merging of two distinct domains: information technology (IT) and operational technology (OT). (It occurred to me that maybe “IIOT” should stand for “Internet of Information and Operational Technology.”

We technologists pretty much know what IT is. In fact, anyone connected to a network at work – technologically savvy or otherwise – knows what IT is; they’re probably still waiting for their new computer to be loaded and blessed so that they can use it. IT defines the folks that own and maintain the informational infrastructure. At the risk of some confusion, IT is also the “Ops” in “DevOps,” where programmers work hand in hand with IT to develop software more quickly by eliminating the silos that they’ve traditionally occupied.

“Operational technology,” however, is probably less familiar to us. This is all about the equipment used for the primary goals of an industrial company – making widgets, for example. There are the conveyor belts bringing the widget components together; there are the handlers picking and prodding and aligning those components, and the machine that cuts and bends the metal box, and the machine that puts it all together to be sent to the machine that inspects the results, and on to the machine that boxes and stacks the widgetry. How this comes together has a huge impact on profitability.

Security has largely been an IT consideration. It’s about making sure that only authorized personnel access the network. Safety, on the other hand, has been more of an operational consideration, either when designing the production equipment and defining the processes to ensure worker safety, or when designing and building planes, trains, and automobiles that need to operate safely.

But, increasingly, the equipment inside a factory is networked. Or vehicles are getting much more sophisticated internal networks, which are also being connected to external networks. IT meets OT.

The problem is, as we’ve seen, IT and OT have different priorities. If you must satisfy only one or the other, you can adjust your design parameters accordingly. But both together? That’s not so easy.

The conflict is perhaps best depicted as a movie-character hero trying to get into some secure facility where the apocalypse could be averted if she could just get there in time. But no, there’s a security perimeter with a suspicious guard in the kiosk, and the fate of the world rests on whether or not that guard will let her in.

  • Her priority is to get past this bureaucrat (possibly before he notices the fraudulent docs) and get on with the business of saving the world. That’s OT.
  • The guard’s priority is to be as thorough as possible to ensure that only those with authorization can enter. Haste is not a consideration. This is IT.

To be clear, unlike the typical movie depiction, neither IT nor OT is the bad guy.

In a widget-making factory, IT would suggest that the widget needs robust security; OT would want to minimize anything that hurts profits (whether by increasing component costs or by slowing the production line). And so we end up with a new design dimension requiring compromise. Ultimately, the weight has to be on what makes a product most competitive. If there’s too much security, the product may be too costly or cumbersome. If not enough, then the product may be perceived as risky.

At this point, I should probably pause for some clarification, because in this last example, we have IoT on two levels: the connected manufacturing equipment that builds the IoT widget and the IoT widget itself. I know, it’s so meta.

If the IoT widget being built is for use in some other factory, then the compromises have to be made in a fashion that appeals to the customer – someone in that factory. That’s IIoT. But what if the widget is intended for use by consumers in, say, a smart home?

What’s different here is that, often, the compromises – and, in general, the feature set – are partly targeted at the end consumer, but are often geared more for the folks who want to control the flow of data or the distribution channel: ISPs and big-box retail chains. I’ve seen more than one consumer product pitch that touts platform benefits for Comcast of Best Buy without once mentioning benefits to consumers.

Ultimately, the priorities of consumer devices are going to be different from those of industrial equipment – and yet they still reflect the tension between security and safety. (And reliability and resilience and privacy.) The big takeaway is that security can no longer be considered in isolation. Nor can safety. They’re now bound inextricably, like quarreling kids that will somehow have to learn to play nicely together.

 

More info:

Barr Group Safety and Security Survey (webinar)

Express Logic

Green Hills

Industrial Internet Security Framework

 

One thought on “Security and Safety”

Leave a Reply

featured blogs
Nov 24, 2021
The need for automatic mesh generation has never been clearer. The CFD Vision 2030 Study called most applied CFD 'onerous' and cited meshing's inability to generate complex meshes on the first... [[ Click on the title to access the full blog on the Cadence Community site. ]]...
Nov 24, 2021
I just saw an amazing video showing Mick Jagger and the Rolling Stones from 2021 mixed with Spot robot dogs from Boston Dynamics....
Nov 23, 2021
We explain clock domain crossing & common challenges faced during the ASIC design flow as chip designers scale up CDC verification for multi-billion-gate ASICs. The post Integration Challenges for Multi-Billion-Gate ASICs: Part 1 – Clock Domain Crossing appeared f...
Nov 8, 2021
Intel® FPGA Technology Day (IFTD) is a free four-day event that will be hosted virtually across the globe in North America, China, Japan, EMEA, and Asia Pacific from December 6-9, 2021. The theme of IFTD 2021 is 'Accelerating a Smart and Connected World.' This virtual event ...

featured video

Architecture All Access: Modern FPGA Architecture

Sponsored by Intel

In this 20-minute video, Intel Fellow Prakash Iyer takes you on a journey within the architecture of an FPGA, starting with simple logic gates and then moving up through architecture, design, and applications. Along the way, he answers many questions you might have about FPGAs, even if you’ve worked with FPGAs for years.

Click here for more information

featured paper

Enable faster real-time control with high-precision position sensors

Sponsored by Texas Instruments

The demand for highly automated industrial systems is continuing to increase and often requires advanced, reliable position sensing solutions to control equipment performance and collect factory-level data. Learn how the industry’s most accurate linear 3D Hall-effect position sensor, the TMAG5170, enables faster real-time control and increased diagnostic capabilities to help design safer, more reliable, automated industrial systems.

Click to read more

featured chalk talk

KISSLING Products: Rugged and Reliable Solutions

Sponsored by Mouser Electronics and TE Connectivity

Rugged and reliable designs today have a specific set of design requirements that may not be found in other industries including robustness, durability, and the ability to resist harsh environments. In this episode of Chalk Talk, Amelia Dalton chats with Mark Dickson from TE Connectivity about the KISSLING product family which includes a wide variety of rugged and reliable solutions for your next design.

Click here for more information about TE Connectivity / KISSLING Ruggedized Switching Products