We are surrounded by electronics – our connected smartphones, laptops and computers are part of our daily lives. Many electronic systems, however, work silently in the background, ensuring that automated systems such as medical monitors, industrial robots and critical energy infrastructure operate smoothly. Such cyber-physical systems (CPS) can also be found in modern transportation. “Airplanes, trains, cars and ships are all connected,” notes certMILS technical project leader Holger Blasum from SYSGO, Germany. “We have partially automated driverless trains, self-driving cars, and planes that land automatically.” The connectivity that enables outside access for remote operations also creates opportunities for malicious cyberattacks. Accessing the operating system of an airplane, for example, could have catastrophic effects. The legitimate fear of security or functional safety vulnerabilities in CPS has resulted in arduous testing and certification processes. “CPS is a sector with established safety methods, as well as established safety certification,” explains Blasum. “Securing and certifying CPS against new threats must therefore respect these existing processes.”
Simplifying certification processes
The certMILS project sought to address security challenges, and improve the competitiveness of the sector, by shortening and simplifying the certification process. This was achieved by applying a methodology to examine the security architecture of CPS, based on the principle of multiple independent levels of safety/security (MILS). The project developed specific criteria to evaluate the various layers and levels of security within embedded CPS operating systems. The aim was to reduce certification complexity and ensure that secure CPS updates can be made throughout a typical life cycle. In other words, if a single application within a complex CPS fails or starts acting maliciously, the other applications, isolated from it by the MILS architecture, remain unaffected. This methodology was tested in pilot projects run across three key domains that use CPS operating systems: railways, undergrounds/subways and smart grids. Certification bodies in three EU countries were involved. “Industry partners successfully evaluated, and were able to certify, the railway and the subway pilot according to the international communication network standard IEC 62443,” says Lisa Burgstaller-Hochenwarter from the project coordination team at Technikon, Austria. The experience of certifying CPS according to the IEC 62443 standard demonstrated the methodology’s applicability in the real world.
Composite system architectures
As demand for automation increases across numerous industrial sectors, composite system architectures are likely to become ever more prevalent. More flexible, modular approaches to certification will be critical to ensuring that safe and secure systems can reach the market, and are not bogged down in costly and inefficient certification processes. “This compositional approach is open to all areas of transportation, and to general industrial systems as well,” adds Blasum. The use of certMILS architectures in future railway systems and safety-critical systems is certainly set to grow. SYSGO and the University of Rostock are currently working together with a railway network provider on this issue. Other projects of this kind will likely be launched in the future, to fully exploit the certMILS methodology. “Europe has a strong reputation in safety- and security-critical systems,” says Blasum. “MILS architectures, and the IEC 62443 families of standards and cross-standard certification in general, are increasingly important in industrial automation, for the realisation of secure and safe systems.”