Horizontal IoT Security Framework and Best Practices

From OpenCommons

To conquer these formidable challenges, critical infrastructure industries require greater visibility into their operations and are looking to leverage Internet of Things (IOT) communications technology to provide the means.

In its simplest form, IOT identifies the ability to add communications to existing infrastructure equipment in a customer’s operations for monitoring and control purposes via relatively low-cost communication modules. These low cost communication modules can easily enable connectivity to the components in the electrical grid and deliver new levels of near real-time visibility into operations. IOT easily enables connectivity to applications like demand response, distribution automation, load balancing, smart meters and other smart grid applications. With the new levels of visibility, proactive decisions about grid configurations, outages, maintenance schedules, consumption, theft of service and many others are viable. The addition of IOT communication devices facilitates the creation of a highly reliable, highly available Industrial Internet of Things (IIoT) network capable of delivering the needed visibility into your operations during the most critical times. In short, IOT is a game changer.

Despite all of its benefits, utilities and other CI industries have been reluctant to implement IOT communication modules since they have typically only been available on public cellular networks, which haven’t been designed for the mission-, life- and safety-critical needs of critical infrastructure industries. Utilities have been unable to get private licensed broadband spectrum assigned to their market from the federal government to support their increased data communications requirements. In lieu of obtaining private licensed broadband spectrum, these CI industries are virtually handcuffed to using non-mission critical public networks or even shared unlicensed spectrum to achieve their data needs. This creates vulnerabilities to their critical applications because public communications networks are susceptible to outages and congestion, and shared unlicensed spectrum is subject to interference. Utilities prefer to own their own private communication networks, which are designed to their specific coverage, capacity, reliability and availability needs. The men and women who support our critical infrastructure require mission critical radio networks that are always available to support their operations and protect their safety. In the face of these challenges, the market has responded and there is good news to be reported. Utilities have traditionally relied on narrowband spectrum for mission critical Land Mobile Radio (LMR) voice systems to provide communications to their field employees. As these systems have transitioned from analog to digital, the ability to support IOT and other IIoT applications becomes viable. Advancements in digital technology can double or quadruple the existing channel capacity on these narrowband Land Mobile Radio systems. Greater channel capacity enables the support of advanced data services — like IOT applications — without impacting voice operations on these Land Mobile Radio systems.
By leveraging the new digital mission critical Land Mobile Radio systems, CI industries can now support both voice and data services like IOT applications on a highly reliable network that also provides coverage across their entire service territory. It’s a win-win!

For decades, CI industries have been using a variety of communication technologies in some form or another for supervisory control and data acquisition (SCADA), distribution automation (DA), demand side management (DSM) and other grid-based applications, but they were never placed in a blanket category such as IOT nor were they connected together to create an IIoT. Coupled with the lack of private licensed broadband spectrum options, communication to these applications has been limited and typically only deployed at key locations on a cost-effective basis. Due to advancements in technology and economies of scale, the cost of communication devices has been reduced to price points, which enable their use across more infrastructure and applications.

The energy and utility sectors have been increasingly focused on IOT. It has been estimated that, by 2021, the utility sector will account for 61% of overall IOT device connections, growing at a CAGR of 50%. The same report estimates revenue associated with IOT connectivity will also increase dramatically over the same period, from $5.7 billion in 2011 to $50.9 billion in 2021. Through IOT communication, utility companies can remotely monitor and control assets like electricity substations, capacitor banks, line switches, reclosers and many other key critical infrastructure applications. In addition, utilities can leverage IOT communications for applications like demand response, which provides tremendous cost savings to both the utility and its customers. Enabled by IOT communications, the potential benefits for the energy and utility sectors are far-reaching, including improved energy efficiency, reduced equipment failures, enhanced safety and security, as well as faster and better decision-making.

IOT enables utilities to be proactive in their operations rather than be reactive. Utilities can greatly reduce maintenance and administration costs by automating remote monitoring and cutting down on the number of site visits to check equipment. Scheduling regular site visits to perform routine checks on equipment is time-consuming and expensive, especially for assets in remote locations. With IOT solutions, equipment can be remotely monitored and controlled continuously without human intervention. This allows utilities to check for gradual changes in the status and performance of assets and to schedule equipment maintenance during times that will minimize disruption and inconvenience to customers.

The secure and reliable exchange of information is of paramount importance to utility operations and customer service. As one of the 16 critical infrastructure industries, electric utilities rely on their communication networks to protect lives and ensure the safety of their employees during critical service restoration periods, as well as during normal daily operations, keeping power flowing to the United States. IOT communication is a key differentiator in generating the intelligence that utilities need to make informed real-time decisions.

Key Features of Mission Critical IoT Communications

The most important features of an IOT communication system are:

  • Low Mobility: IOT devices do not move, move infrequently, or move only within a certain region.
  • Application Independent: IOT devices enable communications to key applications that don’t have any communication today and are completely transparent to the application. The application is unaware that the communication service is provided by a wired or wireless connection.
  • IP-based: As Land Mobile Radio communication networks migrate from analog to digital, these new digital networks support IP bearer services and have the ability to transport both IP and serial-based protocols over the IP-based network.
  • Small Data Transmissions: IOT devices frequently send or receive small amounts of data, leveraging the extra capacity enabled by migrating to a new TDMA-based digital Land Mobile Radio network.
  • High Reliability: High reliability means that whenever and wherever IOT communication is required or triggered, the connection and reliable transmission between the IOT device and the IOT server shall be available, regardless of the operating environment. High reliability is required in IOT applications that involve either the prospect of an emergency or highly sensitive data. Utility Land Mobile Radio systems have long been designed for high reliability for their voice needs, and the benefit of this is extended directly to the IOT applications that leverage the same network. Mission critical radio networks are designed for high reliability and redundancy where failure is not an option while business enterprise operations networks are not designed to meet the same redundancy and reliability specifications.
  • Network Priority: Network priority means that there is a method for providing a hierarchical prioritization of users or applications within the solution when applications, voice or data, are competing for network access. The P25, TETRA and DMR standards and the systems provided by the manufacturers have provisions in their protocols to accommodate a prioritization scheme, whether it is simple or sophisticated. This is important as utilities have long considered their voice communications to be mission critical because they rely on them for both safety and security, such that prioritization cannot be disrupted. Many fixed data applications, which weren’t previously considered mission critical, are now being considered as such since the information about the grid’s performance has a direct impact on a utility’s operation and performance.
  • Security: Security functions include the protection and confidentiality of IOT data, authentication of users prior to access to IOT devices, and encryption of the data transferred across IOT networks. Utilities desire private Land Mobile Radio networks for their higher levels of security, which provides a strong platform that can be leveraged by using the same security for IOT applications.
  • Latency Tolerant: Latency is the time interval between stimulation and response. When leveraging a Land Mobile Radio network for IOT, the target applications should be those that aren’t latency sensitive. The general one-way latency of a Land Mobile Radio network is approximately 1 second. Polled applications and report-by-exception applications that require responses measured in seconds, rather than immediate responses measured in milliseconds, are the target applications for IOT over LMR.

As the most crucial of the critical infrastructure markets, utilities require systems that, just like their electrical grid, are highly reliable and always available when needed. Previously, radio systems supporting IOT communications were limited to public cellular and unlicensed wireless technologies – which weren’t designed to the demanding levels of reliability and availability that utilities require. The wireless communication networks designed for these high-performance levels, which utilities have been using for decades, are their Land Mobile Radio systems, which provide the mission/life/safety critical link to field crews during both outages and daily operations. The radio system is relied upon heavily for restoration activities, and during that time failure is not an option because lives are at stake.

As Land Mobile Radio networks transition from analog to digital, they now have the ability to support data communications and IOT devices in addition to the current voice communications – all over a highly reliable and available network that utilities have relied upon and trusted for years. With data connectivity enabled, choosing the right digital Land Mobile Radio standard to migrate to is incredibly important because now both lives and key grid operations are at stake. There are three global IP-based digital Land Mobile Radio standards available to utilities, and understanding their differences is imperative.

The three global standards are P25, TETRA and DMR, and each varies considerably in its applicability for mission critical or business critical use, its maturity level, architecture, security, adoption in the market, and performance characteristics. Despite the fact that the standards have similar-sounding feature sets in their marketing materials, their implementation and resulting performance vary greatly, so thorough investigation of the technical details is required. Many factors go into deciding whether to purchase a new digital Land Mobile Radio technology platform or to leverage an existing digital Land Mobile Radio platform for your IOT communications needs. Digital Land Mobile Radio networks based on global standards like P25, TETRA and DMR offer a large ecosystem of vendors that provide solutions and products to meet a variety of coverage, capacity, security and interoperability needs.

Contributions

The IoT communications and security content has been provided by Motorola Solutions Inc., which has deep communications and critical infrastructure expertise. A special thank you goes to Kreg Christoff and Joel Garner for their support of the Utility SuperCluster group on this topic. Additional information can be obtained here or by reaching Kreg Christoff at kreg.christoff@motorolasolutions.com. Additional information on IoT cybersecurity can be found at NIST in the Framework for Improving Critical Infrastructure Cybersecurity.