Essentially, OT is the hardware and software that keeps factories, power plants, facility equipment etc. running. With the advent of low cost – high bandwidth- low latency connectivity, OT systems are getting increasingly connected and accessible from public network or the internet.
Many of those OT systems were not originally conceived to be accessible from the outside and are exposing large surface of attacks. They are an easy target for cybercriminal organizations willing to exploit vulnerabilities to launch cyberattacks and create serious economic damage.
In effect, there are attractive business models for hackers for exploiting OT vulnerabilities, in particular when attacks can be performed remotely on OT equipment that are connected.
How we can help
At ProvenRun we help answering to those threats by providing:
- Security consulting services such as performing security risk analysis, defining security architectures and certification requirements,
- Security engineering services for the development of ad-hoc solutions,
- Solutions to secure-by-design connected devices that are exposed to attacks.
Security-by-design for OT equipment
When securing-by-design a connected device, security engineers can in effect rely on three pillars to be integrated as part of the device’s Trusted Computing Base (TCB):
- Secure elements or hardware coprocessors for the Root of Trust, cryptographic operations and transactions,
- Secure Operating Systems (OSs) or Trusted Execution Environments (TEEs),
- Hardware- or software-based hypervisors.
A secure OS for security critical services
The TCB always includes critical security functions that need to remain small and simple to remain verifiable, especially on complex hardware such as modern microprocessors or microcontrollers. Implementing these security functions require high-level abstractions of the hardware, typically provided by an Operating System (OS). Because the correctness of the security functions depends on the correctness of these high-level abstractions, the OS that implements them is also part of the TCB and should be free from exploitable vulnerabilities.
Our TCB secure software components
At ProvenRun, we provide unique critical off-the-shelf TCB software components that can be used to secure-by-design OT equipment in Greenfield situations:
In brownfield situations, ProvenRun recommends the use of our ProvenBox solution.
Contact us for more details on how we can help.