MOD 6 Security Framework

The document outlines a security framework for the Industrial Internet of Things (IIoT), covering software design concepts, middleware architecture, and security measures. It discusses the role of APIs, particularly SOAP and REST, in facilitating communication between applications, and highlights the importance of middleware in integrating diverse technologies and protocols. Additionally, it addresses security challenges in IIoT environments, including encryption, ransomware, DDoS attacks, and insider threats, emphasizing the need for robust security measures in manufacturing networks.


Module - 6

Security Framework

• Software Design Concepts
• Middleware Industrial Internet of Things Platforms
• Securing the Industrial Internet

Software Design Concepts
API (Application Programming Interface)

▪ Application: If you have a laptop, tablet, or smartphone, you are well acquainted with applications, i.e., the tools, games, social networks, and other software that we use every day.
▪ Programming: The coding that software engineers do to create the software that makes up the applications on our devices.
▪ Interface: A common method for users, applications, or devices to interact.
▪ If two applications or programs share an interface, that interface provides a common means for both to communicate with one another.
▪ Therefore, an API is essentially a way for programmers to communicate with a certain application through a software-defined template: a published contract for what can be called and how.
API: A Technical Perspective

▪ For an API to work, it must be specified in detail by the application programmer and, typically, the database designer as well. This is because data injected through the API from one application into the host application normally has to be stored permanently in the host's database, so the formats the API accepts must agree with the storage schema.
▪ Therefore, an API can best be described as being:
▪ "…a precise specification written by providers of a service that programmers must follow when using that service. The API describes what functionality is available, how it must be used, and what formats it will accept as input or return as output."
▪ From a security standpoint, the same specification is the boundary at which every incoming request has to be validated: anything that reaches the database without passing the API's format checks is untrusted input.

Web Services

▪ There are many types of APIs and they can be constructed in many languages, but the ones typically used today in service-oriented architectures and modern web and mobile-based applications are web service APIs, such as SOAP and REST.
SOAP (Simple Object Access Protocol)

▪ SOAP is a standards-based web services protocol, originally developed by Microsoft, that has established itself in the SOA environment as the web service of choice.
▪ SOAP web-service APIs are well documented through the Web Services Description Language (WSDL).
▪ SOAP relies exclusively on XML to provide messaging services. Because XML is text rather than a binary wire format, SOAP messages pass through Internet infrastructure (HTTP proxies, firewalls) more readily than the binary RPC protocols SOAP was designed to replace.
▪ An interesting feature of SOAP is that it does not necessarily have to use the Hypertext Transfer Protocol (HTTP) transport, as it can run over other network protocols.
▪ SOAP was designed to support and accommodate expansion, so it has all sorts of support modules and options associated with it (the WS-* standards, such as WS-Security for signing and encrypting messages).
▪ Because it has so many optional features, SOAP is highly extensible, but a given service needs to use only the pieces required for a particular task.
▪ One of the issues with SOAP is that the XML it uses to make requests and receive responses can become extremely complex.
▪ In some programming languages, the programmer is required to build those XML-defined requests manually.
▪ Manually building requests is problematic because SOAP is intolerant of errors: a malformed or non-conforming request is rejected outright.
▪ SOAP may be intolerant of errors, but ironically one of its most important features is built-in error handling.
▪ If SOAP discovers a problem with the request, the response contains a Fault element with error information that can be used to fix the problem.
▪ This feature is extremely important because, when a third-party web service fails, there would otherwise be no indication as to why things did not work.
▪ The error reporting even provides standardized fault codes (in SOAP 1.1: VersionMismatch, MustUnderstand, Client, and Server), so it is possible to automate some error-handling tasks in the code, for example retrying on a Server fault but not on a Client fault.
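The request building and fault handling described above, as an added example that is not part of the slides: an RPC-style SOAP 1.1 envelope is built with the XML DOM rather than string pasting, and the reply is classified by its standardized fault code. The service namespace (urn:example:plant), the SetSetpoint operation and both sample replies are constructed for this demo; no real endpoint is involved.

```python
"""Added example (not from the slides): build a SOAP 1.1 request and act on
the standardized fault codes in the response. The service namespace, the
operation name and the two sample responses are constructed for this demo."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SVC_NS = "urn:example:plant"                             # assumed service namespace

# SOAP 1.1 standard fault codes. A 'Server' fault is a problem on the provider's
# side and may be retried; the others mean our request itself is wrong.
KNOWN_CODES = {"VersionMismatch", "MustUnderstand", "Client", "Server"}
RETRYABLE = {"Server"}


def build_request(operation: str, params: dict) -> bytes:
    """Serialise an RPC-style envelope. Building it with the DOM (not string
    pasting) means parameter values are escaped and cannot inject elements."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}{operation}")
    for name, value in params.items():
        ET.SubElement(op, f"{{{SVC_NS}}}{name}").text = str(value)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def classify_response(xml_bytes: bytes) -> dict:
    """Parse a reply and return either the result fields or a fault decision.
    A third party's reply is untrusted input: for production parsing of
    untrusted XML use defusedxml rather than the stock xml.etree parser."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return {"ok": False, "code": "ParseError", "retry": False, "reason": str(exc)}
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is None:
        body = root.find(f"{{{SOAP_NS}}}Body")
        if body is None or len(body) == 0:
            return {"ok": False, "code": "Malformed", "retry": False, "reason": "no Body content"}
        # Strip namespaces from the operation's child elements: {ns}status -> status
        result = {child.tag.split("}")[-1]: child.text for child in body[0]}
        return {"ok": True, "result": result}
    # In SOAP 1.1, faultcode and faultstring are unqualified children of Fault.
    code = (fault.findtext("faultcode") or "").split(":")[-1]
    reason = fault.findtext("faultstring") or ""
    return {
        "ok": False,
        "code": code if code in KNOWN_CODES else "Unknown",
        "retry": code in RETRYABLE,
        "reason": reason,
    }


# Constructed sample replies standing in for a real endpoint.
FAULT_RESPONSE = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>Element 'setpoint' is not a valid decimal</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>"""

OK_RESPONSE = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:p="urn:example:plant">
  <soap:Body>
    <p:SetSetpointResponse><p:status>accepted</p:status></p:SetSetpointResponse>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(build_request("SetSetpoint", {"loop": "TIC-101", "setpoint": 72.5}).decode())
    print(classify_response(FAULT_RESPONSE))
    print(classify_response(OK_RESPONSE))
```

The retry decision is the automation the slide alludes to: a Client fault means the request is wrong and resending it is pointless, while a Server fault is worth a bounded retry.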
REST (Representational State Transfer)

▪ REST is the newer of the two and is designed for web and mobile applications, and to fix some of the inherent problems that exist with SOAP when used in a web environment.
▪ The REST design criteria are to provide a truly simple method of accessing web services through a URL, without any of the XML baggage of SOAP.
▪ REST as an architectural style does not require the heavyweight message processing that SOAP does and is naturally more flexible, as it relies on a simple URL combined with basic HTTP commands.
▪ In some advanced or complex situations, REST may have to provide additional information in the request body or headers, but most web services using REST rely largely on obtaining the needed information from the URL.
▪ Since REST uses a URL to call the API, it can use four of the HTTP 1.1 verbs (GET, POST, PUT, and DELETE) to perform tasks: read, create, replace, and remove a resource respectively.
▪ REST-based web services can output the response back to the program as data in Comma-Separated Values (CSV), JavaScript Object Notation (JSON), or Really Simple Syndication (RSS).
▪ Therefore, programmers can obtain the output that they need in a form that is easy to parse within the language they are using to write the application.
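The verb-to-action mapping and output formats described above, as an added example that is not from the slides: a small dispatcher routes GET/POST/PUT/DELETE on a /sensors collection, validates the request body at the API boundary, and renders the result as JSON or CSV according to the Accept header. The sensor records, the URL layout and the id format are constructed for this demo; there is no real HTTP server behind it.

```python
"""Added example (not from the slides): a minimal REST dispatcher mapping the
four HTTP verbs onto one resource collection, with the response rendered as
JSON or CSV according to the Accept header. The sensor records, URL layout
and id format are constructed for this demo; there is no real server behind it."""
import csv
import io
import json
import re
from urllib.parse import urlparse

SENSORS = {"t-101": {"id": "t-101", "value": 21.5, "unit": "C"}}   # stands in for the database
FIELDS = ("id", "value", "unit")
ID_RE = re.compile(r"^[a-z0-9-]{1,32}$")   # assumed id format; also blocks path tricks like ../


def render(rows: list, accept: str) -> str:
    """Content negotiation: the same records, serialised as the client asked."""
    if accept == "text/csv":
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)
        return buf.getvalue()
    return json.dumps(rows)


def parse_record(body) -> dict:
    """Parse and validate a JSON record from the request body; ValueError on bad input.
    Validation happens here, at the API boundary, before anything touches the store."""
    try:
        rec = json.loads(body or "")
    except json.JSONDecodeError as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(rec, dict) or set(rec) != set(FIELDS):
        raise ValueError(f"record must have exactly the fields {FIELDS}")
    if not isinstance(rec["id"], str) or not ID_RE.match(rec["id"]):
        raise ValueError("bad id")
    if isinstance(rec["value"], bool) or not isinstance(rec["value"], (int, float)):
        raise ValueError("value must be numeric")
    if not isinstance(rec["unit"], str) or len(rec["unit"]) > 8:
        raise ValueError("bad unit")
    return rec


def dispatch(method: str, url: str, body=None, accept: str = "application/json"):
    """Route verb + URL to a CRUD action on SENSORS. Returns (status, payload)."""
    if accept not in ("application/json", "text/csv"):
        return 406, "unsupported Accept type"
    parts = urlparse(url).path.strip("/").split("/")
    if parts[0] != "sensors" or len(parts) > 2:
        return 404, "no such resource"
    sid = parts[1] if len(parts) == 2 else None
    if sid is not None and not ID_RE.match(sid):
        return 404, "no such resource"
    try:
        if method == "GET":                               # read
            if sid is None:
                return 200, render(list(SENSORS.values()), accept)
            return (200, render([SENSORS[sid]], accept)) if sid in SENSORS else (404, "no such sensor")
        if method == "POST" and sid is None:              # create
            rec = parse_record(body)
            if rec["id"] in SENSORS:
                return 409, "sensor already exists"
            SENSORS[rec["id"]] = rec
            return 201, render([rec], accept)
        if method == "PUT" and sid is not None:           # replace
            rec = parse_record(body)
            if rec["id"] != sid:
                return 400, "id in body must match the URL"
            if sid not in SENSORS:
                return 404, "no such sensor"
            SENSORS[sid] = rec
            return 200, render([rec], accept)
        if method == "DELETE" and sid is not None:        # remove
            return (204, "") if SENSORS.pop(sid, None) is not None else (404, "no such sensor")
    except ValueError as exc:
        return 400, str(exc)
    return 405, "method not allowed"   # e.g. PATCH, or POST to a single item


if __name__ == "__main__":
    print(dispatch("GET", "/sensors", accept="text/csv")[1])
    print(dispatch("POST", "/sensors", '{"id": "p-7", "value": 3, "unit": "bar"}'))
    print(dispatch("GET", "/sensors/../etc/passwd"))
    print(dispatch("PATCH", "/sensors/t-101"))
```

Everything the URL or body supplies is checked before it reaches the store: the id pattern rejects path traversal, unknown verbs get 405 rather than a guess, and a bad body never partially updates a record.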
SOAP versus REST

▪ SOAP provides the following advantages when compared to REST:
  ▪ Language, platform, and transport independent (REST requires the use of HTTP)
  ▪ Works well in distributed enterprise environments (REST assumes direct point-to-point communication)
  ▪ Standardized
  ▪ Provides significant pre-built extensibility in the form of the WS-* standards
  ▪ Built-in error handling
  ▪ Automation when used with certain language products (client stubs generated from the WSDL)
▪ REST is easier to use, more flexible, and has the following advantages when compared to SOAP:
  ▪ No expensive tools required to interact with the web service
  ▪ Smaller learning curve
  ▪ Efficient (SOAP uses XML for all messages; REST can use smaller message formats such as JSON)
  ▪ Fast (no extensive processing required)
  ▪ Closer to other web technologies in design philosophy
IIoT Middleware Architecture

▪ The purpose of IIoT middleware is to provide the integration, connectivity, and data translation required between the different technologies and layers.
▪ For example, the middleware platform should be capable of handling connectivity from many different protocols and connectors, as well as exposing and consuming API software connectors.
▪ Figure shows the functionality and interconnectivity of a middleware platform architecture.
▪ Eight components are desirable in an end-to-end IIoT middleware platform. These elements provide the glue that will allow us to build heterogeneous networks at a large scale.
▪ Connectivity—This layer provides the means to connect and support the sensors and actuators, as they will often have diverse technologies and protocols.
▪ Endnode Management—This layer provides the ability to identify, authenticate, authorize, and manage all the end-nodes in the network.
▪ Data Processing—This layer provides the data translation, preparation, and correlation of data coming from the sensors.
▪ Database Integration—This layer connects applications and data storage.
▪ Data Visualization—This layer provides the tools and techniques to visualize the data in a meaningful way, such as through graphs, charts, and events.
▪ Analytics—This layer provides the real-time processing and analysis of data vital for industrial applications, as it enables fast feedback from the industrial control systems.
▪ Front-end—This application-level layer provides the connectors, APIs, microservices, and SDK interfaces required by applications and developers.
▪ Security—The security of the IIoT network is paramount and is addressed at every layer to ensure the confidentiality, integrity, and availability of the network.
What Do IIoT Middleware Platforms Do?

▪ Hundreds of thousands of transducers will be connected to the Internet; these are expected to securely replace traditional data sources and become the main source of data for an industrial business.
▪ This data could flow from the sensors, perhaps even from the products under manufacture, from feedback from operational processes, or even from the operating environment.
▪ However, data is meaningless without the ability to turn those bits and bytes into knowledge and then understanding.
▪ The challenge of transforming data, those raw bits and bytes, into knowledge is a technological one.
▪ However, every challenge also represents an opportunity, and many vendors are working to produce IIoT-capable middleware platforms to provide the glue that connects all these disparate transducers, applications, and databases.
▪ Middleware is critical for building and deploying IoT applications, because middleware platforms provide multiple services such as interfacing of diverse protocols and technologies, translation, identification, authentication, and authorization, among many other features.
▪ Furthermore, middleware platforms provide additional services, including determination of software/firmware levels, quarantining of devices that fail those checks, and remote provisioning and upgrades.
▪ Finally, middleware plays a major role in correlating and presenting data for processing and storage.
▪ Event processing is a major element in an Internet of Things platform. Because large amounts of data can stream from sensors, it is important to derive an understanding of which data is important and which is not.
▪ After all, there is little point in sending the same data continuously from a constrained device over a limited wireless communication link if the data isn't changing.
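The "don't resend unchanged data" rule above, as an added example that is not from the slides: a report-by-exception filter that forwards a reading only when it has moved by more than a deadband since the last forwarded value, or when a heartbeat interval has elapsed so that a stuck sensor or dead link can still be told apart from a steady process. The readings, the deadband and the heartbeat interval are constructed for this demo.

```python
"""Added example (not from the slides): report-by-exception filtering in the
platform's event-processing stage. The readings below are constructed."""


class ChangeFilter:
    """Forward a reading only when it has moved by at least `deadband` since
    the last *forwarded* value for that tag, or when `heartbeat_s` seconds
    have passed since the last forward. Comparing against the last forwarded
    value (not the last seen one) means slow drift is still reported once it
    accumulates; the heartbeat means a stuck sensor or a dead link is still
    distinguishable from a genuinely steady process."""

    def __init__(self, deadband: float, heartbeat_s: float):
        if deadband < 0 or heartbeat_s <= 0:
            raise ValueError("deadband must be >= 0 and heartbeat_s > 0")
        self.deadband = deadband
        self.heartbeat_s = heartbeat_s
        self.last = {}   # tag -> (value, timestamp) of the last forwarded reading

    def offer(self, tag: str, value: float, ts: float):
        """Return (forward?, reason) for one reading."""
        prev = self.last.get(tag)
        if prev is None:
            reason = "first"
        elif abs(value - prev[0]) >= self.deadband:
            reason = "change"
        elif ts - prev[1] >= self.heartbeat_s:
            reason = "heartbeat"
        else:
            return False, "suppressed"
        self.last[tag] = (value, ts)
        return True, reason


def filter_stream(readings, deadband: float, heartbeat_s: float):
    """Run a (tag, value, ts) stream through the filter; return the forwarded
    readings as (tag, value, ts, reason) in arrival order."""
    f = ChangeFilter(deadband, heartbeat_s)
    out = []
    for tag, value, ts in readings:
        send, reason = f.offer(tag, value, ts)
        if send:
            out.append((tag, value, ts, reason))
    return out


def reduction(readings, forwarded) -> float:
    """Fraction of readings that never left the device: the KPI the link budget cares about."""
    return 1 - len(forwarded) / len(readings) if readings else 0.0


# Constructed sample: a temperature tag that is steady, steps, then is steady
# again, plus a pressure tag to show that state is kept per tag.
READINGS = [
    ("t-101", 21.50, 0), ("p-3", 4.00, 5), ("t-101", 21.52, 10), ("p-3", 4.01, 15),
    ("t-101", 21.55, 20), ("t-101", 22.10, 30), ("t-101", 22.12, 40),
    ("t-101", 22.11, 50), ("t-101", 22.13, 60), ("t-101", 22.14, 90),
    ("t-101", 22.10, 100),
]

if __name__ == "__main__":
    fwd = filter_stream(READINGS, deadband=0.5, heartbeat_s=60)
    for row in fwd:
        print(row)
    print(f"suppressed {reduction(READINGS, fwd):.0%} of {len(READINGS)} readings")
```

With a 0.5-degree deadband and a 60-second heartbeat, only four of the eleven constructed readings leave the device; the step at t=30 is reported immediately and the heartbeat at t=90 confirms the tag is still alive.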


▪ Consequently, an IIoT middleware platform should be designed to return the key performance indicators that industrial scenarios demand.
▪ For example, when dealing with a large number of devices, scalability and reliability are of paramount importance.
▪ Middleware provides the enablement platform for building, deploying, and managing scalable IoT applications. Therefore, the fundamental role of middleware in IIoT can be summarized into three key value propositions that a business would require. At a very high level, the requirements are for
(1) Integration,
(2) Secure, monitor, and report,
(3) Real-time and batch data analysis
Open source middleware solutions

▪ For many SMEs, middleware can be a very expensive option.
▪ Fortunately, there are now open source as well as commercial middleware platforms that can be deployed to manage these disparate technologies and protocols.
▪ Without open source middleware platforms that integrate and seamlessly translate between diverse technologies and protocols, the Industrial Internet of Things would not be feasible for small and medium enterprises that cannot afford the large-scale IIoT platforms.
▪ For example, for large companies there are enterprise-class solutions available from Siemens, GE, and SAP, but these are typically beyond the financial budgets of most SME businesses.
There are several mature, open source solutions for IIoT middleware:

▪ Kaa—Provides the tools to build complete Industrial Internet solutions by interfacing transducers, protocols, and applications. Kaa also provides the means to monitor and manage each remote device.
▪ OpenIoT—An open source middleware platform for implementing and integrating IoT solutions. OpenIoT is designed to connect to, and then collect and process data from, just about any transducer regardless of its protocol. OpenIoT can then stream the collected data to the cloud and analyze and visualize it.
▪ AllJoyn—A platform that makes it easy for devices to discover and communicate with one another regardless of the protocol, manufacturer, or transport layer.
▪ Mango—One of the most popular IoT platforms due to its traditions in the M2M, industrial control, and SCADA industrial environment, ease of deployment, low power use, and ability to host thousands of devices from one low-cost PC.
▪ Open source, though very popular, is not always seen as the best solution in industrial environments, where reliability, availability, and robustness depend on the quality of the product and of the technical support. Consequently, many businesses will invest in commercial products in order to run the business smoothly and to have the technical support they require should things go wrong.
▪ Some of the most popular commercial IoT middleware platforms are:
  ▪ ThingWorx (PTC)
  ▪ Oracle Fusion
  ▪ IBM Bluemix
▪ These commercial platforms have more built-in features, such as application enablement and development tools as well as network and device management support, and are typically easier to deploy.
▪ But they come at a price. However, the cost of licensing these products can often be cheaper than the cost and time spent deploying, testing, and supporting mash-ups of open source packages. Whichever route is taken, someone has to own patching of the platform and its dependencies; with open source that responsibility falls entirely on the deploying business.
Securing the Industrial Internet

Security in Manufacturing

▪ Security is a major issue with Industrial Internet applications, as operational technology (OT) environments are not like IT networks: there are rarely firewalls and intrusion detection appliances, because there was simply little requirement for them on OT's flat networks, which were isolated LANs with no Internet connection.
▪ With the introduction of IIoT, that isolation no longer exists, and securing systems and applications is now a major concern. The protection the air gap used to give has to be provided explicitly instead, through segmentation, authentication of devices and users, and monitoring.
Typical OT Manufacturing Network (figure)
▪ Operations Technology (OT) and Industrial Control System (ICS) networks consist of Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS).
▪ A PLC is used to automate a process by running a program, created in software, that replicates the actions required, step by step, to complete a task.
▪ PLCs are digital: their digital outputs drive the devices that perform a function, such as turning a motor on or off.
▪ PLCs also take digital input, so sensor data, which is often analogue in nature, must be converted by an analogue-to-digital converter (ADC) before being presented to the software running on the PLC.
▪ A PLC runs the specific control logic software for a machine and process, so there is often a tight correlation between a PLC and the machine and process it runs.
▪ Consequently, there are many PLCs in a traditional OT and ICS environment, such as a manufacturing factory floor, and this can cause a huge proliferation of wiring and the consequent costs of provisioning and maintaining that wiring.
▪ A DCS, on the other hand, is also used to automate systems, and is often deployed in the automation of continuous and large-scale processes.
▪ Furthermore, an HMI (human-machine interface) is a control system that allows a human operator to interact in real time with the machine and control the process running on it.
▪ HMI systems are typically in the control room and are operated by machine and process operators.
▪ HMI, PLC, and DCS make up the systems in an industrial network, and there are only a handful of automation system vendors, such as Siemens, Rockwell, General Electric, and ABB.
Securing the OT

▪ OT networks may support several different protocols and standards; unlike modern IT networks, they have not standardized on Ethernet and IP.
▪ Therefore, different parts of the network could feasibly support different network types, such as Modbus, EtherNet/IP, Profibus, and Profinet, as well as a mixture of wiring media and standards, such as fiber optics, copper cables, or wireless for 10/100 Mbps or Gigabit Ethernet.
▪ OT networks evolved along these lines because there was no industry standard and, given the cost and lifespan of the equipment, manufacturers tended to supply and install whatever equipment was favoured at the time.
▪ Lately, there has been an industry-wide move to IP and Ethernet; however, even then no single standard has been achieved.
▪ Modbus, for instance, carries no authentication: any host that can reach a PLC on the network can read and write its registers, so access control has to be enforced by segmentation and by monitoring the traffic itself.
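The traffic monitoring just mentioned, as an added example that is not from the slides: a passive check on Modbus/TCP requests that parses the MBAP header, decodes the address fields of the common function codes, and raises an alert when a write function arrives from a source that is not on the allowlist, when the function code is unexpected, or when the frame is malformed. The field layout and function codes are those of the public Modbus specification; the allowlist, the source addresses and the frames themselves are constructed for this demo.

```python
"""Added example (not from the slides): passive monitoring of Modbus/TCP
requests with a write allowlist, the kind of check a network tap or inline
filter can apply because Modbus itself has no authentication. The frames,
source addresses and allowlist below are constructed for the demo."""
import struct

# Public Modbus function codes (from the Modbus application protocol spec).
FUNCS = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCS = {5, 6, 15, 16}

# Constructed policy: (source IP, unit id) pairs allowed to write. Reads are
# allowed from anywhere on the segment; every other write is flagged.
WRITE_ALLOWED = {("10.0.5.20", 1)}   # the HMI may write to PLC unit 1


def decode_fields(func: int, data: bytes) -> dict:
    """Decode the address/quantity or address/value part of the common requests."""
    if func in (1, 2, 3, 4) and len(data) == 4:
        addr, qty = struct.unpack(">HH", data)
        return {"addr": addr, "qty": qty}
    if func in (5, 6) and len(data) == 4:
        addr, value = struct.unpack(">HH", data)
        return {"addr": addr, "value": value}
    if func in (15, 16) and len(data) >= 5:
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        if len(data) != 5 + nbytes:
            raise ValueError("byte count does not match payload")
        return {"addr": addr, "qty": qty}
    if func in FUNCS:
        raise ValueError(f"bad PDU length for function {func}")
    return {}


def parse_request(frame: bytes) -> dict:
    """Split one Modbus/TCP request into MBAP header fields and PDU.
    MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1);
    length counts the unit id plus the PDU that follows it."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match frame size {len(frame)}")
    func, data = frame[7], frame[8:]
    return {"tid": tid, "unit": unit, "func": func, "fields": decode_fields(func, data)}


def inspect(src_ip: str, frame: bytes) -> dict:
    """Return a verdict for one request: 'allow' or 'alert', plus the reason."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return {"verdict": "alert", "reason": f"malformed: {exc}", "src": src_ip}
    name = FUNCS.get(req["func"])
    result = {"src": src_ip, "unit": req["unit"], "func": name, "fields": req["fields"]}
    if name is None:
        return {**result, "verdict": "alert", "reason": f"unexpected function code {req['func']}"}
    if req["func"] in WRITE_FUNCS and (src_ip, req["unit"]) not in WRITE_ALLOWED:
        return {**result, "verdict": "alert", "reason": "write from unauthorised source"}
    return {**result, "verdict": "allow", "reason": "policy"}


# Constructed frames: tid, pid, len, unit, func, data (spaces are ignored by fromhex).
READ_HR = bytes.fromhex("0001 0000 0006 01 03 0000 000a")                  # read 10 holding regs from 0
WRITE_REG = bytes.fromhex("0002 0000 0006 01 06 0010 1234")                # write 0x1234 to register 16
WRITE_MULTI = bytes.fromhex("0004 0000 000b 01 10 0000 0002 04 0001 0002") # write 2 regs from 0
BAD_LEN = bytes.fromhex("0005 0000 0006 01 03 00")                         # length field lies

if __name__ == "__main__":
    for src, frame in [("10.0.5.20", READ_HR), ("10.0.5.20", WRITE_REG),
                       ("10.0.9.77", WRITE_REG), ("10.0.9.77", WRITE_MULTI),
                       ("10.0.5.20", BAD_LEN)]:
        print(inspect(src, frame))
```

The same write that is routine from the HMI is an alert from any other host; that distinction, not the packet contents alone, is what a flat OT network otherwise lacks.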
Network Level: Potential Security Issues

Some of the top network security risks and the means to address them

1. Encryption: Encryption is a double-edged sword. In recent years, organizations have looked to protect sensitive data by scrambling communications, referred to as encryption. "End-to-end encryption" can create a false sense of comfort for consumers.
The reality is that encryption protects data only while it is in transit. A hacker who controls one of the endpoint devices, by any of a variety of means, gains access to the "full discussion regardless of what security precautions are built into the app you are using." At the same time, encrypted traffic hides the attacker's own activity from network-based inspection, so the attacker can operate freely until eventual detection and remediation. Encryption therefore has to be paired with endpoint protection and with monitoring that does not depend on reading packet contents.

2. Ransomware: Network-based ransomware can cripple systems and data. This threat is particularly alarming as it does not rely heavily on the human element to execute and bring an organization to its knees.
Many times, an active, unpatched workstation and an automated software update are the only requirements for a successful attack. Data can be compromised or lost on an infected device. Further compounding the problem is the fact that many small to medium-sized businesses do not report ransomware attacks as they occur.
Preventative measures against ransomware include: using diverse backups (including offline copies that are tested by restoring them), keeping antivirus up to date, maintaining patch updates, installing file and system integrity monitoring software, and compliance maintenance.
3. DDoS Attacks

▪ DDoS attacks come at a real cost. The severity and frequency of DDoS attacks have many network managers concerned.
▪ Attackers overwhelm organizations by flooding websites and networks with junk traffic until legitimate users can no longer get through.
▪ Two avenues are emboldening criminals in their nefarious endeavors.
▪ "DDoS for hire" services are one means through which hacking/attack skills are offered in exchange for money.
▪ The other channel is the wide adoption of Internet-of-Things (IoT) technology. IoT widgets with poor security defenses are easy targets for recruitment into botnets, so an IIoT deployment can be both a victim of DDoS and an unwitting participant in it. Defending against DDoS attacks doesn't have to be a challenge.

Ways to help defend against DDoS attacks include:

• Identifying unusual traffic activity
• Provisioning the needed amount of bandwidth
• Avoiding the wrong response to extortion attempts
• Immediate contact with your ISP
• Developing a comprehensive approach to DDoS security
4. Insider Threats

▪ Insider threats continue to affect organizations of all sizes. 68% of data breaches involve a human element, usually driven by financial gain or negligence.
▪ Though awareness of insider threats is growing within organizations, enterprises may not always be proactive, as the majority of network security defenses are configured to protect against external threats. Insider abuse can include but is not limited to:
• Remote access to sensitive data
• Unauthorized deletion of data
• Unauthorized access to shared folders
• Unapproved hardware/software
▪ Organizations may find that those who already have legitimate, authorized access to sensitive data operate illicitly, many times with few or no limitations on their access and agency. This reality underlines the need for consistent monitoring of suspicious activity, and for limiting each account to the access its role actually requires (least privilege).
▪ Utilizing file integrity monitoring (FIM) software can help reduce the risk of costly insider breaches, especially a FIM tool that fits a Zero Trust Architecture (ZTA) strategy, in which no user or device is trusted by default because of where it sits on the network.
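File and system integrity monitoring is the remediation this page recommends for ransomware above and for insider abuse here, so as an added example that is not from the slides, here is a minimal FIM: a directory tree is baselined as {relative path: SHA-256}, and a later snapshot is compared to report added, removed and modified files. The directory, its files and the simulated changes (an edited PLC program, an encrypted report, a dropped executable) are constructed in a temporary folder by demo() so the example runs offline.

```python
"""Added example (not from the slides): a minimal file integrity monitor.
Baseline a directory tree as {relative path: sha256}, then compare later
snapshots to find added, removed and modified files. demo() builds a
constructed directory in a temp folder so the whole thing runs offline."""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large PLC project files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: str) -> dict:
    """Hash every regular file under root; keys are '/'-separated paths relative to root.
    Symlinks are skipped so a planted link cannot pull a file from outside the tree into the baseline."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = sha256_file(full)
    return snap


def diff(old: dict, new: dict) -> dict:
    """Classify the changes between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate an insider
    editing the PLC program, ransomware replacing a report with an encrypted
    copy, and a new executable appearing."""
    with tempfile.TemporaryDirectory() as root:
        files = {"plc/line1.acd": b"original ladder logic",
                 "reports/shift.csv": b"ok,1\n",
                 "config/hmi.ini": b"[hmi]\n"}
        for rel, content in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        before = baseline(root)
        with open(os.path.join(root, "plc", "line1.acd"), "wb") as fh:
            fh.write(b"modified ladder logic")
        os.remove(os.path.join(root, "reports", "shift.csv"))
        with open(os.path.join(root, "reports", "shift.csv.locked"), "wb") as fh:
            fh.write(b"\x00encrypted")
        with open(os.path.join(root, "dropper.exe"), "wb") as fh:
            fh.write(b"MZ")
        return diff(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: it has to live where the same insider or malware cannot rewrite it (off-host, or signed), and the comparison has to run on a schedule the attacker does not control, otherwise the monitor reports whatever the attacker last left in place.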
5. Cloud Security

▪ The security behind legitimate cloud services is being co-opted. As more organizations gravitate toward the cloud for data storage and retrieval, hackers have found a way in: they use the same legitimate services, but with ulterior motives, and can wreak havoc.
▪ Organizations can be left vulnerable as they have come to trust common cloud platforms and take a reactive approach to any questionable activity. This comes at a huge cost to them in the form of downtime and the resources diverted to damage control.
▪ As Software-as-a-Service (SaaS) continues to grow and services move to the cloud, organizations still need to be wary of policies and procedures that can lead to a false sense of responsibility and security for data in the cloud: the provider secures the platform, but configuring who can reach the data stored on it remains the customer's responsibility.
6. SQL Injection

▪ For many organizations, company data is stored in a server using SQL. As a result, the company data may be vulnerable to an SQL injection attack.
▪ First described publicly in 1998, an SQL injection attack occurs when a cyber attacker supplies input that the application pastes into a SQL statement, so that the input is executed as SQL and can be used to access, change, or destroy private company data.
▪ Attackers use vulnerabilities in the application software to create a fake identity, manipulate company data, and even void transactions or change balances in the books.
▪ Regularly check the software for vulnerabilities to protect against this type of attack. The root cause is removed by building queries with parameterized statements, so that user input is passed to the database as a value and is never interpreted as SQL.
▪ Monitor file integrity continuously to detect and remediate changes that occur as a result of SQL injection attacks.
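The attack and the fix described above, as an added example that is not from the slides: the same login query built by string pasting and by parameterization, run against an in-memory SQLite table with constructed rows (plaintext passwords are used only to keep the demo short; a real system stores password hashes). The attacker inputs are constructed; one comments out the password check to log in as another user, the other uses UNION to read a column the query was never meant to return.

```python
"""Added example (not from the slides): the same login query built two ways
against an in-memory SQLite table with constructed rows."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table. Passwords are stored in clear only to keep the
    demo short; a real system stores salted hashes."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, balance INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "s3cret", 100), ("bob", "hunter2", 50)])
    return con


def login_vulnerable(con, name: str, password: str) -> list:
    """Input is pasted into the statement, so quotes and comment markers in it
    become part of the SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in con.execute(sql)]


def login_safe(con, name: str, password: str) -> list:
    """Parameterized: the driver sends the values separately from the statement,
    so the same input is compared as a literal string and matches nothing."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (name, password))]


# Constructed attacker inputs.
BYPASS = "alice' --"                              # comments out the password check
DUMP = "' UNION SELECT password FROM users --"    # returns a different column entirely

if __name__ == "__main__":
    con = make_db()
    print("vulnerable, bypass:", login_vulnerable(con, BYPASS, "wrong"))
    print("vulnerable, dump:  ", login_vulnerable(con, DUMP, ""))
    print("safe, bypass:      ", login_safe(con, BYPASS, "wrong"))
    print("safe, real creds:  ", login_safe(con, "alice", "s3cret"))
```

Integrity monitoring, which the slide recommends, only tells you afterwards that the books were changed; the parameterized query is what stops the change from being possible through this path.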
7. Man-in-the-Middle Attacks

▪ Also known as a MITM attack, a "man-in-the-middle" attack occurs when an attacker "eavesdrops" on communication that should be private by placing themselves between the two parties.
▪ In this type of attack, the attacker may intercept an email, chat, or another message between two parties.
▪ They can then use their access to spoof messages, alter data, or engage in social engineering attacks.
▪ Some examples of MITM attacks include:
• Wi-Fi hacking
• IP spoofing
• SSL hijacking
• DNS spoofing
▪ The defense is an authenticated, encrypted channel (TLS with certificate validation actually enforced), so that an interposed party can neither read nor alter traffic undetected. On an OT network whose protocols have no such protection, the same position lets an attacker alter sensor readings or control commands in flight.
