Bedrock Automation: The Company
Bedrock Automation
§ Bedrock Automation - Incorporated October, 2013
§ A subsidiary of Maxim Integrated (Nasdaq: MXIM 1983)
§ Engineering and management team with +200 man years of ICS and semiconductor experience
§ 107 global patents filed / 34 granted to date
§ Strategic Technology Partners, example: Green Hills Software - Incorporated 1981
  § Largest embedded software security company
  § +25 existing industrial control customers
  § +250 man years of embedded security experience
  § Global presence
Awards: Automation and Controls Category
• Plant Engineering – Product of the Year Award
• Processing Magazine – Breakthrough Product of the Year Award
• Frost & Sullivan – Entrepreneurial Company of the Year Award
• Control Engineering – Finalist for Engineering Choice Award
• New Equipment Digest – Finalist for Innovation Award
• W3 Gold Winner – Website Design Award
Bedrock Automation Platforms, Inc. Confidential
Bedrock™: The System
Started with a blank sheet of paper…
Simple, Scalable, Secure.™
• Lowest Lifecycle Cost
• Advanced Technology for Platform Unification
• Embedded Cyber Security
Platform Unity
Systems compared: PLC, SCADA RTU, Safety System, DCS, Bedrock™
Cost: Low High Medium Low
Cyber Security: Add On Embedded
Redundancy: Single Triple or Quad SIL II, III and IV Single or Dual Single, Dual or Triple
I/O: All Types Low Perf. All Types Medium Perf. All Types High Perf. Software Defined, Extreme Performance
Control Network: 10/100 Enet Wide Area Networks 10/100 Enet Cyber Secured Gbit Ethernet
Control Loop Response: 1 - 100 msec 1000 msec 100 - 500 msec 250 1000 msec < 5 msec
Bedrock™: Backplane Module Interconnect, Secure Power, Secure Control, Secure Input/Output
Backplane Module Interconnect - BMI
• Radical patented electromagnetic interconnect improves reliability, performance, cost, security
• No I/O module pins to bend, break or corrode
• Fixed fast scan time regardless of amount of I/O
• Built in galvanic isolation
• Sealed all metal construction
• Patented 4 Gbit parallel redundant communication topology and redundant power topology called Black Fabric
[Module diagram labels: Power, Controller, Input, Output]
3 Bedrock BMIs: 5 slot, 10 slot, 20 slot
Secure Input/Output - SIO
• BMI power and communication without pins
• Software defined Virtual Marshalling
• Single/Dual/Triple redundancy
• Layered and embedded security
• Extreme galvanic isolation, 1200 V CtC, 1500 V CtG
• Extreme performance: speed, accuracy, temperature, isolation, density, SOE
• Single universal cable for I/O terminations
Introducing SIO4.E: Automation networking redefined
• 5 ports 10/100 Enet
• 5 POE, 25 W per port
• Multi concurrent stack support
• Cyber Secure
Introducing SIOU.10: Automation I/O redefined!
§ AI/AO/DI/DO/Pulse/NAMUR
§ AO and DO Readback
§ Hart 7 Modem every channel
§ Single Dual Triple Redundant
§ Cyber Secure
Introducing the Universal I/O Cable: One 180 Degree Rotation
I/O Module and Cable Management
Secure Power Module - SPM
• Universal AC/DC input + DC out
• Backplane coupled with advanced diagnostics
• Redundant and cyber secure
• No fans and extreme reliability
• Available directly-coupled lithium polymer UPS
Secure Controller Module - SCC
• Universal controller for all control modes: Continuous, Ladder, SFC, MVC & User Defined Apps
• Deeply embedded cyber security
• Built-in OPC UA server
• Extreme speed and robustness
• 512 MB DDR3 RAM / 32 GB Flash Memory
• Advanced redundancy and advanced diagnostics
Stand Alone Secure Lithium UPS 500
• Advanced lithium ion battery chemistry
• 12 Ah capacity with 24 VDC output
• Sealed all metal NEMA 4X construction for remote mounting and extreme robustness
• Cyber secure ARM processor with embedded 10/100 Ethernet communications
• Embedded OPC UA Server
• Advanced diagnostics – individual cell monitoring and control
Introducing UPS 500: Automation UPS redefined
• Extreme Robustness, NEMA 4X
• Incredible Power Density
• Embedded OPC UA Server
• Individual cell monitoring and control
• Advanced Security, True IIoT
Stand Alone Secure Power Supply SPS 500
• 500 W field mounted 24 VDC power supply
• Sealed all metal NEMA 4X construction for remote mounting and extreme robustness
• Universal AC input with 24 VDC output
• Cyber secure ARM processor with embedded 10/100 Ethernet communications
• Embedded OPC UA Server
• Advanced diagnostics – onboard data logging
Introducing SPS 500: Automation power redefined
• Extreme Robustness, NEMA 4X
• Diagnostics
• Embedded OPC UA Server
• Onboard data logging
• Advanced Security, True IIoT
Extensive Testing Completed
5 Year Warranty!
§ UL Listed – E362245
  § Class I Groups A-D, Division II
§ IEC 60068
  § 60068-X-X Vibration, Relative Humidity, Cold and Dry Heat, Temp Shock, Drop, Shock Operating and Non Operating
§ Functional and Calibration Testing
§ CE Testing to EMC Directive 89/336
  § EN 00 XX – 2 Emission, Immunity
  § IEC 61000-4-X ESD, RFI, EFT/Burst, Surge, Conducted
Ongoing Testing and Certification
§ ISA Secure (IEC 62443)
§ GE/Wurldtech L1 and L2
§ IEC 61508 SIL II
§ Advanced HALT – stress to failure
§ Large scale system – continued regression
§ EMP
Bedrock IDE (Integrated Development Environment)
• Based on CODESYS
• Developed from the ground-up
• Easy to learn and use
• Supports all IEC-61131 languages
• Broad user-base from microcontrollers to DCS Systems
• Leverages latest software environment technology
• Wealth of 3rd party applications and libraries available
• More than 700,000 licenses issued in 2013
• Object Oriented Programming Extensions
• Free website download!
Cyber Security
Status Quo
What if?
[Collage of news headlines]
• Russia attacks U.S. oil and gas companies in massive hack
• Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date
• Next generation Stuxnet worm in the works, says Iran news agency
• U.S. Oil and Gas at Greater Risk for Cyber Attacks
• Flame: Massive cyber-attack discovered, researchers say
• Dragonfly: Western Energy Companies Under Sabotage Threat
• Hacker group compromises US and European energy companies
• Over 70% of energy and financial firms say cyberattacks coming within 12 months
“The only truly secure way to protect Industrial Control Systems is to embed security in the foundation, namely in the controller itself which requires a complete rethinking of how to architect and build Industrial Control Systems. Based on my review, Bedrock has rethought the architecture from a clean sheet of paper and embedded the security.”
Joe Weiss, ISA Fellow and author of Protecting Industrial Control Systems From Electronic Threats
Cyber Threats: Viruses, Worms, Logic bombs, Cloned devices, Cloned software, Operators, Maintenance, Engineering, Bad code, DoS attacks, Client Management Computers, Networks, Controllers, Sensors/Actuators
Defense in Depth Across Security Domains
• Product Security Domain - Hardware, Firmware, OS, Applications
• Manufacturing Security Domain - Contract Mfg, Chip Providers, Board Providers, Test Houses, ISVs
• Operations Security Domain - Networks, Users, Administrators, Hackers
Security Must Exist in All Domains
Bedrock Cyber Security
Defense in Depth Across Security Domains
• Product Security Domain
§ Advanced physical anti-tamper
§ Trusted boot
§ Based on EAL 6+ RTOS (INTEGRITY)
§ Strong embedded cryptography
§ No global secrets
§ All system code digitally signed
§ Code updates encrypted and signed
§ Modules have cryptographic identities – Lock to OEM, Lock to Customer, Lock to Application
§ Only authentic modules can operate
Comparing Crypto Strengths: Optimized for Industrial Lifecycle
Cryptographic Strength | Symmetric Algorithm | Hash Algorithm | Elliptic Curve Asymmetric Algorithms | RSA/DH Asymmetric Algorithms | Expected Lifetime Expiry
56 bits | DES | | | | Expired
60 bits | | (MD5) | 111 bits | 512 bits | Expired
80 bits | 3DES (2 key) | SHA-1 | 160 bits | 1024 bits | 2010
112 bits | 3DES (3 key) | SHA-224 | 224 bits | 2048 bits | 2030
128 bits | AES-128 | SHA-256 | 256 bits | 3072 bits | 2031+
192 bits | AES-192 | SHA-384 | 384 bits | 7680 bits | 2031+
256 bits | AES-256 | SHA-512 | 512 bits | 15360 bits | 2031+
Defense in Depth Across Security Domains
• Manufacturing Security Domain
§ DLM system securely programs every module
§ No human knowledge of any cryptographic keys
§ Eliminates counterfeit modules and systems
• Operations Security Domain
§ No human transport/entry of cryptographic secrets
§ Authenticated communications
§ Cryptographically-enforced whitelist
§ OEM code updates encrypted and signed
§ Operator role based access control
§ Extensive logging of system and operator actions
Platform Keying for Authentication
Embedded Security Included in Bedrock Platform Operating Environment
[Diagram: platform layers in the order listed, each with its authentication step]
• OEM & Customer Applications (App 1, App 2, App 3): OEM & Customer App Authentication
• Bedrock Base Automation App & API: Bedrock Base Automation App & API Authentication
• Secure OS & Boot Image: Bedrock Boot Image Authentication
• Bedrock Hardware Platform, Secure Element: Bedrock Platform Keying & HW Authentication
Compare
Security Element | Bedrock System | Today’s Industrial Control Systems
Secure OS | Yes | No
Authenticated Modules | Yes | No
Authenticated Software | Yes | No
Authenticated Supply Chain | Yes | No
Secure Remote Updates | Yes | No
Authenticated Messages | Yes | No
Anti-counterfeit protection | Yes | No
All metal tamper proof design | Yes | No
Life Cycle Cost
Bedrock Reduces Cost in All Areas
Life Cycle Cost Management: System, Engineering, Cyber Security, Installation, Maintenance, Commissioning
System: Perpetual Non-Obsolescence ... for Reduced Cost
The Problem:
§ Component lifecycles span years while product lifecycles span decades
§ Component companies adversely affect product companies
The Bedrock Solution:
§ Component company is the product company
§ Perpetual Non-Obsolescence possible with advanced component lifecycle management
Engineering: System Engineering ... for Reduced Cost
§ I/O is installed, terminated and software configured in the field
§ Eliminating junction boxes reduces cable termination requirements
§ Reduced construction project BOM simplifies design requirements
§ Loop diagrams can be eliminated
Engineering is reduced by 33%
Installation: Platform Unity ... for Reduced Cost
An example system
Type | IO Count | Description
AI (2-wire) | 40 | 4-20 mA GI
AI (4-wire) | 24 | 4-20 mA Isolated
AO | 32 | 4-20 mA Isolated
DI | 72 | 120 VAC
DO | 40 | 120 VAC
System Cabinets
 | DCS | PLC | BEDROCK | Improvement
Bill of Material Count | 71 | 60 | 47 | 28%
Cabinet Volume (ft3) | 90 | 90 | 18 | 87%
Installation Cost | $19,800 | $21,100 | $5,500 | 73%
Installation cost is reduced by 73%
Commissioning: Universal Configurability ... for Reduced Cost
§ Confirm assets against design criteria, accelerate construction completion, turnover and startup
§ Issue control panels for fabrication and installation prior to completing engineering
§ Reduce control system commissioning spares
§ Reduce the impact of late design changes
§ Simplify the documentation and red-line processes
I/O universality reduces cost & startup time
Maintenance: Platform Unity ... for Reduced Cost
Module | Typical ICS | BEDROCK | Improvement
Analog I/O | 15 | 1 | 93%
Contact Input | 17 | 1 | 94%
Contact Output | 18 | 1 | 94%
Power Supplies | Multiple | 1 | >50%
System Cables | Many | 1 | >80%
Module types reduced by >90%
Cyber Security: Embedded Security ... for Reduced Cost
Solutions (OEMs / Bedrock)
§ Assessment: $ To Do / By Design
§ Remediate: $ To Do / By Design
§ Manage: $ To Do / By Design
§ Assure: $ To Do / By Design
§ Application Whitelisting: $ To Do / By Design
§ IP and Counterfeiting Theft Protection: X
§ Military and Aerospace Technology: X
§ Transparent to the User: X
ICS Supplier Security offerings require
§ Service and support ($)
§ Implementation resources ($)
§ Additional training & monitoring ($)
= Added Cost & Time ($$$)
Bedrock Cyber Security is embedded into the processors, memory, communication, interconnections, backplane and package technology at no extra cost
Solutions Summary: Industry Challenges and Bedrock™ Solutions
Cost
• Industry Challenges
§ Maintenance and inventory
§ Repair cycle and End Of Life (EOL)
§ Complex installation
§ Hardware defined functionality
• Bedrock™ Solutions
§ Extreme reduction in module types
§ High reliability and non obsolescence
§ Easy installation
§ Software defined functionality
Security
• Industry Challenges
§ Accelerated cyber attacks
§ Compromised IP
§ Compromised infrastructure
• Bedrock™ Solutions
§ Layered and embedded cyber security
§ Authenticated and secured IP
§ Secured infrastructure
Safety
• Industry Challenges
§ Outdated technologies
§ Fragmented systems
• Bedrock™ Solutions
§ Advanced technologies
§ Unified systems
Reliability
• Industry Challenges
§ Bent pins, cable failure
§ Complicated configurations
§ Environmental wear and failures
§ Fragmented platforms
• Bedrock™ Solutions
§ No IO pins, reduced failure modes
§ Simplified system configurations
§ Extremely rugged – 5 year warranty
§ Unified platform
Unique Features That Improve Automation and Reduce Cost
• Unified automation platform, ideally suited to PLC, DCS and RTU applications
• Electromagnetic backplane for maximum robustness and security
• Digital and physical cyber security embedded in the platform
• Automation engineered to its simplest and most elegant functions
• Perpetual non obsolescence to address primary lifecycle cost issue
• Fiber control and I/O networks for maximum distribution flexibility
• All metal construction for highest environmental and cyber protection
• Advanced technologies and massively integrated semiconductor component designs for improved performance, reliability, security and cost
• All backed by a 5 Year Warranty
- Slides: 50