
Boeing technology offers secure, efficient way to tie together business, industrial nets

M2M from giant manufacturer


The Boeing Company is pioneering a way to securely bring together business IT networks with what ordinarily are entirely separate networks for industrial-control systems (ICS) in order to gain efficiencies and benefits in information-sharing in manufacturing.

Boeing's approach, which has been deployed in some of its airplane manufacturing plants, is leading to a new standards effort at the Trusted Computing Group (TCG) for what could be a revolutionary type of virtual private networking that could be applied not only to manufacturing ICS in the future but the "Internet of things," as it's now sometimes called. That could mean everything from electric or traffic systems to medical equipment in hospitals to nanny cams to oil and gas controls that when accessible via the Internet, are too vulnerable to hacker attacks.

"Boeing has done a great job in ICS security," says Stephen Hanna, distinguished engineer at Juniper Networks and chairman of the TCG's Trusted Network Connect work group where the new standard, influenced by what Boeing has done on a home-grown basis in its networks, is expected to be finalised by this fall.

The proposed standard is called the "IF-MAP Metadata for ICS Security." It applies an existing TCG standard known as "Interface for Metadata Access Points" (IF-MAP) to industrial-control systems.

The IF-MAP protocol is used today to build a database of security, device-management and vulnerability information that is received and aggregated from any security product that supports IF-MAP, such as intrusion-detection systems and firewalls. Hanna says a couple of dozen vendors support IF-MAP today, including Lumeta with its IPSonar network-discovery tool, which Juniper uses.

But what Boeing has done with the IF-MAP protocol tackles a different question: Since ICS networks have traditionally been maintained as wholly separate entities, sometimes not TCP/IP-based or only connected via leased lines, how can ICS devices be integrated into the increasingly high-speed business IT networks that are usually connected to the Internet?

There are often strong reasons to interconnect them, such as huge cost savings or a way to unite ICS devices across Internet boundaries when needed, or just for information-sharing purposes. "But it opens up a lot of security issues," Hanna points out.

Craig Dupler, technical fellow in Boeing's research and technology business unit, says Boeing understands the nature of such risk. But it was also clear that there would be a huge advantage in using the IT network to interconnect some parts of Boeing's ICS.

So a few years back, research engineers with expertise in network security devised what became home-grown "black boxes" that Boeing today internally refers to as its "Control Systems Security Solution" (CS3).

These CS3 black boxes, which support the IF-MAP protocol among other standards, basically act as proxies to protect ICS equipment by orchestrating what each ICS can connect to, whether it's another network or a device. There's a means for policy-based enforcement of encryption or identity management. It allows the IT department to manage non-IT devices on the business network but also to delegate controls to the ICS team.

"This is not a traditional VLAN," Dupler emphasises. It's a way to orchestrate, in a fine-grained manner, what the controls-systems team and the IT department can each see on the network and what each is allowed to manage. "I don't want the heating and ventilation side to see what my robots are doing, for instance," says Dupler.
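As an added illustration of the orchestration described above (and of IF-MAP's role as a shared metadata store, described earlier), not code from Boeing, Asguard or the TCG: a toy Python model in which a metadata store fed by zone owners and a vulnerability scanner drives a default-deny proxy decision, with the HVAC-versus-robots separation Dupler mentions expressed as policy. All zone names, addresses, team names and the store's API are constructed for this example and do not reflect the real IF-MAP schema.

```python
# Illustrative in-memory model written for this article (assumption: not Boeing's CS3,
# Asguard's SimpleConnect, nor the real IF-MAP SOAP/XML wire format). It mimics a MAP-style
# store several sources publish into, a default-deny zone proxy, and delegated zone admin.
from dataclasses import dataclass, field

@dataclass
class MetadataStore:
    """Simplified MAP server: device identifier -> {metadata name: (value, publisher)}."""
    data: dict = field(default_factory=dict)

    def publish(self, identifier, name, value, publisher):
        self.data.setdefault(identifier, {})[name] = (value, publisher)

    def get(self, identifier, name):
        entry = self.data.get(identifier, {}).get(name)
        return entry[0] if entry else None
# (source zone, destination zone) -> required transport; unlisted pairs are denied,
# so the HVAC side never reaches the robot cell (the article's own example).
POLICY = {("robots", "mes"): "encrypted", ("hvac", "bms"): "plain"}
# Delegated administration: the team allowed to place devices in each zone.
ZONE_OWNER = {"robots": "controls-team", "mes": "it-team",
              "hvac": "facilities-team", "bms": "facilities-team"}
def allow_connection(store, src, dst):
    """Proxy decision for one request: ('allow', transport) or ('deny', reason)."""
    src_zone, dst_zone = store.get(src, "zone"), store.get(dst, "zone")
    if src_zone is None or dst_zone is None:
        return ("deny", "unregistered device")       # never registered by a zone owner
    transport = POLICY.get((src_zone, dst_zone))
    if transport is None:
        return ("deny", f"no policy for {src_zone}->{dst_zone}")
    if store.get(src, "vuln-status") == "critical":  # metadata a scanner published
        return ("deny", "source flagged by vulnerability scan")
    return ("allow", transport)

def assign_zone(store, identifier, zone, actor):
    if ZONE_OWNER.get(zone) != actor:                # only the owning team may register here
        raise PermissionError(f"{actor} may not place devices in zone {zone!r}")
    store.publish(identifier, "zone", zone, actor)

def demo():
    store = MetadataStore()                          # constructed sample inventory below
    assign_zone(store, "10.0.1.10", "robots", "controls-team")
    assign_zone(store, "10.0.1.11", "robots", "controls-team")
    assign_zone(store, "10.0.2.20", "hvac", "facilities-team")
    assign_zone(store, "10.0.9.5", "mes", "it-team")
    store.publish("10.0.1.11", "vuln-status", "critical", "scanner")
    return {"robot_to_mes": allow_connection(store, "10.0.1.10", "10.0.9.5"),
            "flagged_robot_to_mes": allow_connection(store, "10.0.1.11", "10.0.9.5"),
            "hvac_to_robot": allow_connection(store, "10.0.2.20", "10.0.1.10")}
```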

Not all technical experts at Boeing share the belief this is the best way to manage non-IT devices on an IT network, Dupler is quick to point out. It's still subject to debate. But Boeing is eager to see the type of home-grown CS3 black box it came up with become commercialised for wider use over the long term.

Not only are vendors Infoblox and Juniper interested in the evolution of the concept, but a former research engineer at Boeing, David Mattes, left to start a Seattle-based firm called Asguard Networks a year ago to commercially further Boeing's "black box" idea. The product Mattes came up with is called SimpleConnect, which supports IF-MAP for ICS. SimpleConnect is being tried out at Boeing under limited circumstances. Asguard Networks has other early-adopter customers as well, including a Florida water utility.

The SimpleConnect box "sits between the devices that need to be protected and a shared network resource, such as a business network or wireless or the Internet or a private network in a plant that needs to be further separated," Mattes says.

SimpleConnect provides a way to orchestrate, in an automated fashion, the cybersecurity of industrial control systems by placing a private network overlay on top of a shared network. Eventually, the SimpleConnect box could gain additional security functionality, such as intrusion-detection or firewalling capability, Mattes adds.

However useful the security concept that Boeing pioneered for its own network use, one basic problem is that you can end up with too many black boxes abounding in the network, Dupler acknowledges. If Boeing's approach to security for industrial controls ever catches on and becomes widespread, Dupler says he hopes this security functionality might one day be boiled down to fit inside something small, such as a network-interface card.
