Make Your Distributed System Cyber-Secure
Written by Lacey Trebaol
June 17, 2014
How do you approach such a challenge? The larger your distributed system is, the more attack points you require to secure and defend it against hackers, and yet at the same time, the more varied your authorized access levels need to be. You may need to facilitate maintenance, updates and upgrades, monitoring and many other system-wide tasks, each requiring differing access rights to many overlaid sub-elements of your distributed system.
Defending distributed systems is usually done in one of two ways:
- Physical security. The larger, distributed system is secured by isolating the systems to be protected from cyber-interaction.
- Simplified lock-down. Security is achieved by minimizing access rights to a few privileged employees with high security clearances/special permissions.
Both solutions deny access to the full potential that the Internet of Things is meant to enable, while massively restricting the flexibility required for day-to-day operational procedures. So the lack of security becomes a business benefit trade off. But why would you ever knowingly trade away value in your operational infrastructure?
In IT systems the problem is largely delegated to the database – with data access rights defined and limited through authorization and authentication methods, as well as the usual encryption of critical data where needed. But few real-time systems store their time critical data in databases due to the performance hit or cost issues. Yet it's the data in motion that needs protection in real-time systems, this is the critical business asset.
In some systems another issue comes into play –the ability of a hacker to alter control parameters becomes a safety issue as well as a brand reputation and data value loss problem. The consequences of which can be far more far-reaching than the mere loss of some data.
So what's needed is database style defense tools that operate across a system infrastructure. This is exactly what RTI Connext DDS Secure is designed to do.
One tool chain to manage authentication, access control, encryption, access privileges and security monitoring.
In fact with the RTI tools you can go further, and enable agile attack response tool development just like Rajive did when he built a secure SCADA infrastructure with PNNL – in fact he showed this toolchain can be applied retrospectively to legacy distributed systems deployments.
Connext DDS Secure – the best defense for your cyber-enabled infrastructure – plug it in today!
Additional information on Connext DDS Secure:
If you have any questions, please don't hesitate to ask! We're here to help.