Securing the Factory Floor or Lessons from Boeing’s Crawlers: Key Take-aways from This Week’s Information Week/TCG Webcast
This week, Trusted Computing Group (TCG) with Information Week sponsored the second in a series of free, educational webcasts on security topics and trusted computing. This week's event, "Automate to Win: A Business Case for Standards-Based Security," featured two great speakers, Steve Hanna of TCG and Juniper Networks and Craig Dupler, Boeing.
The event is archived and available on demand here. Info Week's Paul Korzeniowski set the stage by describing today's real network security environment: workers connecting from all over the globe, the need for increasing connection to customers, social networking, and the growth in end-user devices attaching to the network. All of these create the need to know who is on the network, what data they are accessing and what happens at the endpoint. At the same time, IT and security administrators face budget cuts, more complexity and an overload of possible solutions.
Steve Hanna, distinguished engineer at Juniper Networks and co-chair of TCG's Trusted Network Connect (TNC) work group, then jumped in to talk about the role of standards, specifically TNC, in addressing these issues. TCG has long focused on open architectures and building blocks for hardware-based security, and TNC is no exception. Its full set of specifications, which originally focused on network access control, or NAC, now covers all aspects of network security and is supported by dozens of vendors. The big problems solved by TNC: identifying who AND what is on the network and their state; how to block unauthorized users and give authenticated ones access; and how to quarantine or remediate problem devices. Beyond this is the big idea that Boeing focuses on later in this webcast: sharing and integrating real-time information about users, devices, threats, and the like.
The latter concept falls under IF-MAP, or Metadata Access Points, debuted by TCG several years ago as one of the TNC specifications. It offers a simple publish/subscribe model that supports NAC, physical security devices, firewalls, wireless systems, switching, DLP, SIM/SEM, IDS and others. In its simplest form, a central IF-MAP server based on the spec allows all systems to share information with each other using standard commands and data formats.
So why is this interesting, and what can it do? In the webcast, Boeing's Craig Dupler talks about just that. As a very large manufacturer of very complex systems - jet airplanes, in this case - Boeing needed a way to secure its inherently insecure industrial control systems (ICS) networks but let a large number of systems talk to one another. Control networks typically have weak authorization and controls, and until recently, nobody thought too much about security. That has changed as these networks touch and are integrated with the Internet and as industrial facilities, utilities and others using them become targets of attacks (Stuxnet, anyone?).
In fact, in Dupler's words, "Today's manufacturing facility hosts a complex mix of people, IT services, control systems, and products, all of which have networked communications requirements. One of the trigger events for Boeing's involvement in this space is the need for protected wireless connectivity for managing large wireless motion platforms like the "Tug" and "Crawlers" being used in this slide's photo of our 777 assembly building. While we *can* continue to do one-off solutions with new WiFi SSIDs and associated VLANs, we are finding that this approach doesn't scale well for the growing number of control systems which require wireless (or even wired) connectivity in isolated "enclaves"."
Boeing recognized this issue a long time ago and has actively worked in the industry to identify solutions, including industry standards like IF-MAP and TNC. Dupler notes that the ideal ICS network would leverage IT network resources. However, because ICS lack support for typical network standards and functions and have poor security postures, this is not feasible. The solution, then, says Dupler, is a virtual secure ICS network within an untrusted IT network: this provides IT-standard connectivity for control systems while protecting them from the untrusted network and the activities on it.
This approach is being used at Boeing's Everett factory to securely provide wireless connectivity for new "moving line" tools while protecting them from our own Intranet. These so-called "crawlers" carry large structures for the 777 airplane around the final assembly area. While other technical solutions are possible (e.g., creating a separate SSID/VLAN for the crawler WiFi radios), this was a chance to begin to better understand the requirements of a standards-track solution that could be replicated across our many manufacturing settings to improve consistency and reliability while reducing the costs of deployment and operation.
And it's made possible with the Trusted Network Connect (TNC) IF-MAP standards. The IP-based industrial control traffic shares the general IT network in the factory, the ICS gateways provide VPN/firewall security, and the ICS gateway configurations are dynamically loaded from the MAP server based on user, location and similar metadata.
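The publish/subscribe pattern described above, as an added toy model that is not TCG's IF-MAP protocol (real IF-MAP is SOAP/XML over HTTPS) and not Boeing's deployment: a MAP server fans published metadata out to subscribers, and an ICS gateway derives a default-deny allow-list from the operator, location and posture metadata it receives. Enclave and device names are constructed.

```python
# Added toy model of the IF-MAP publish/subscribe pattern; not TCG's protocol
# (real IF-MAP is SOAP/XML over HTTPS) and not Boeing's code. The MAP server is
# an in-memory store; the ICS gateway rebuilds its allow-list from metadata.
from collections import defaultdict

class MapServer:
    """Publish attaches metadata to an identifier; subscribers get every update."""
    def __init__(self):
        self.metadata = defaultdict(dict)      # identifier -> merged metadata
        self.subscribers = defaultdict(list)   # identifier -> callbacks

    def publish(self, identifier, **metadata):
        self.metadata[identifier].update(metadata)
        for callback in self.subscribers[identifier]:
            callback(identifier, dict(self.metadata[identifier]))

    def subscribe(self, identifier, callback):
        self.subscribers[identifier].append(callback)
        if self.metadata[identifier]:   # deliver the current state right away
            callback(identifier, dict(self.metadata[identifier]))

class IcsGateway:
    """VPN/firewall gateway for one enclave, default deny. A device is allowed
    only while the MAP metadata shows an authenticated operator, a location
    inside this enclave, and a passing posture check; any other update revokes."""
    def __init__(self, enclave):
        self.enclave = enclave
        self.allowed = {}   # device identifier -> operator

    def on_metadata(self, device, md):
        if (md.get("operator") and md.get("location") == self.enclave
                and md.get("posture") == "compliant"):
            self.allowed[device] = md["operator"]
        else:
            self.allowed.pop(device, None)

def demo():
    """Walk a constructed crawler through authentication, posture and relocation."""
    server = MapServer()
    gw = IcsGateway("enclave-777-final-assembly")       # constructed enclave name
    server.subscribe("crawler-01", gw.on_metadata)
    server.publish("crawler-01", operator="alice")        # NAC: who owns it (denied, no location)
    step1 = "crawler-01" in gw.allowed
    server.publish("crawler-01", location="enclave-777-final-assembly", posture="compliant")
    step2 = "crawler-01" in gw.allowed                   # all conditions hold: allowed
    server.publish("crawler-01", location="enclave-767-line")   # moves away: revoked
    step3 = "crawler-01" in gw.allowed
    return step1, step2, step3
```

The third step is the point of the pattern: the wireless controller publishes a new location and the gateway revokes access on its own, with nobody reconfiguring an SSID or VLAN.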
Dupler's vision includes extending the capabilities of IF-MAP to more uses, such as:
• Combined physical security and SCADA cyber security
• Convergence of IT networks/security and industrial controls security
• Location services, such as coordination of supply chains and process flow across one or more enterprises
• Process/event coordination: too many business processes today are coordinated synchronously or (worse yet) open loop
He says, "The asynchronous Pub/Sub notification capability built into the MAP database can give us a new coordination pattern for many business processes."
To hear the webcast and see the slides to learn more, click here.