How to Secure Industrial IoT Designs to ISA/IEC Security Standards

By Jacob Beningo

Contributed By DigiKey's North American Editors

Industrial devices are quickly being connected to the Internet of Things (IoT) to improve efficiency, safety, and remote monitoring. However, due to their high value, industrial IoT (IIoT) devices are a prime target for hackers. Therefore, industrial device designers must carefully implement their security solutions using industry standards. Industrial devices must also constantly upgrade their security solutions with the latest technology to protect their devices’ data assets without compromising safety and development costs.

This article will discuss industrial security standards and methodologies like IEC 62443 and SESIP. It will then explore how IIoT designers can meet these specifications by leveraging NXP Semiconductors’ industrial security approach using EdgeLock Assurance microcontrollers and secure elements.

What is IEC 62443?

IEC 62443 is a series of standards developed by the ISA99 committee and approved by the International Electrotechnical Commission (IEC). It provides a flexible security framework that helps developers mitigate security vulnerabilities in industrial automation and control systems. IEC 62443 is broken up into four main sections that cover components, systems, policy and procedures, and general specifications (Figure 1).

Figure 1: IIoT devices can use the IEC 62443 standards, which define a flexible framework for mitigating security vulnerabilities. (Image source: IEC)

While each area of IEC 62443 will be helpful to IIoT device developers, the two parts that define the product development requirements and the security requirements for components are:

  • IEC 62443-4-1: Product Security Development Life-Cycle Requirements
  • IEC 62443-4-2: Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components

IEC 62443-4-1 provides developers with the process requirements for secure product development and defines a secure product development lifecycle. The life cycle includes security requirements definition, secure design, secure implementation, verification and validation, defect management, patch management, and product end-of-life.

IEC 62443-4-2 provides the technical security requirements for components that make up a device, such as network components, host components, and software applications. The standard specifies security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures.

What is SESIP?

SESIP (Security Evaluation Standard for IoT Platforms) is an evaluation methodology. It provides a common, optimized approach for evaluating the security of connected products, addressing the evolving IoT ecosystem's specific compliance, security, privacy, and scalability challenges.

The primary features of SESIP are that it:

  • Delivers a flexible and efficient security evaluation methodology dedicated to addressing the complexity of the IoT ecosystem
  • Drives consistency by providing a common and recognized methodology that can be adopted across certification schemes
  • Reduces complexity, cost, and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies and compliant with standards and regulations
  • Facilitates device certification by the composition of certified parts and reuse of certification across different evaluations
  • Establishes a consistent and flexible way for IoT developers to demonstrate the security capability of their IoT products, and for service providers to select a product that matches their security needs

EdgeLock Assurance: A holistic approach to security

To help IIoT developers meet their device's security needs, NXP has created a holistic approach to security known as EdgeLock Assurance. EdgeLock Assurance is applied to NXP product lines designed to meet industry security standards like IEC 62443-4-1. The security approach, highlighted in Figure 2, combines proven processes and validation assessments to help designers and developers meet their security requirements—from product concept through release.

Figure 2: EdgeLock Assurance is applied to NXP product lines designed to meet industry security standards and simplify the security development life cycle. (Image source: NXP)

EdgeLock Assurance is designed to help ensure that devices are attack resistant, follow security-by-design through reviews and assessments, comply with industry standards, and can be certified to Common Criteria EAL3 or higher, or SESIP Level 2 or higher. In addition, several microcontrollers and secure element solutions from NXP can help industrial designers simplify their security solutions and ensure that they meet this holistic approach to security.

EdgeLock Assurance microcontrollers for the IIoT

Several different NXP part families are currently in the EdgeLock Assurance program. These parts include the LPC5500 and the i.MX RT1170.

The LPC5500 family uses the Arm® Cortex®-M33 processor running at up to 100 megahertz (MHz). In addition, the parts leverage Cortex-M33 hardware-based security features like TrustZone to provide hardware isolation for trusted software, as well as memory protection units (MPUs) and a CASPER Crypto co-processor to enable hardware acceleration for specific asymmetric cryptographic algorithms. The LPC5500 family also supports SRAM physical unclonable functions (PUFs) for root-of-trust provisioning. Additional features of the LPC5500 are shown in Figure 3.

Figure 3: The LPC5500 leverages an Arm Cortex-M33 with TrustZone to enable secure software and application execution and various security enhancements. (Image source: NXP)

The i.MX RT1170 is a crossover microcontroller that pushes the limits of microcontroller processing capabilities. It consists of two microcontroller cores: a 1 gigahertz (GHz) Arm Cortex-M7 and a 400 MHz Arm Cortex-M4. In addition, the RT1170 contains advanced security capabilities such as secure boot, high-performance crypto, an inline encryption engine, and on-the-fly AES decryption. The RT1170's general capabilities can be seen in Figure 4.

Figure 4: The i.MX RT1170 leverages high-performance Arm Cortex-M7 and Cortex-M4 cores and advanced security capabilities to enable secure solutions for IIoT devices. (Image source: NXP)

To help kickstart a project, NXP provides developers with several different development boards to try out the high-performance parts to determine if they are suitable for their application. For example, the MIMXRT1170-EVK evaluation kit has a board with a wide range of onboard memory, sensors, and connectivity components to enable developers to rapidly prototype their industrial devices. Developers can then leverage NXP’s MCUXpresso software package and tools to explore the security solutions and capabilities that come with this series of microcontrollers.

NXP secure elements

In addition to using an EdgeLock Assurance microcontroller, IIoT designers might also want to consider using a secure element like the SE050. A secure element is a ready-to-use IC-level root-of-trust that gives an IIoT system edge-to-cloud security capabilities out of the box.

The SE050 allows for securely storing and provisioning credentials and performing cryptographic operations for security-critical communication and control functions such as secure connections to public/private clouds, device-to-device authentication, and protection of sensitive sensor data. In addition, the SE050 comes with a Java Card operating system and an applet optimized for IoT security use cases.

An example application can be seen below in Figure 5. In the example, a secure sensor is connected to the SE050 through a secure I²C interface. The host MCU/MPU communicates with the SE050 through a target I²C interface. The SE050 IoT applet can be set up and read through an NFC reader to provision the device. The SE050 separates and protects the sensor/actuator data.

Figure 5: The SE050 secure element allows for securely storing and provisioning credentials, and performing cryptographic operations for security-critical communication and control. (Image source: NXP)
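The value of a secure element in the flow above is that credentials are injected once, at provisioning, and are afterwards only ever used inside the element, never read back by the host MCU. The following is an added example (not NXP code and not the SE050 command set) that models that arrangement: a toy secure element holding a per-device key, host firmware that holds no key material, and a back-end verifier that registered the key at provisioning time. Authentication is a nonce challenge-response with a keyed MAC computed inside the element, the nonce is single-use so a captured response cannot be replayed, and the provisioning interface is locked once the factory step is done. The names `SecureElementModel`, `HostMcu`, `CloudVerifier` and the key slot `"cloud-auth"` are invented for the example. HMAC-SHA256 is used only so the model runs with the Python standard library; a production design would normally use an asymmetric key pair so the back end stores only the public key.

```python
import hashlib
import hmac
import secrets


class SecureElementModel:
    """Toy model of a secure element's credential store (constructed for this
    example; not NXP's SE050 applet or API). A key is injected once during
    provisioning and can afterwards only be *used* inside the element."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._provisioning_open = True

    def provision_key(self, key_id: str, key: bytes) -> None:
        if not self._provisioning_open:
            raise PermissionError("provisioning interface is locked")
        self._keys[key_id] = key

    def lock_provisioning(self) -> None:
        """End of the factory / NFC provisioning step: no further key writes."""
        self._provisioning_open = False

    def mac_challenge(self, key_id: str, message: bytes) -> bytes:
        """The only key operation exposed to the host: a keyed MAC computed
        inside the element. The key itself never crosses the I2C boundary."""
        return hmac.new(self._keys[key_id], message, hashlib.sha256).digest()


class HostMcu:
    """Host-side firmware: knows its device id and talks to the element over
    I2C, but holds no key material of its own."""

    def __init__(self, device_id: str, se: SecureElementModel) -> None:
        self.device_id = device_id
        self.se = se

    def answer(self, nonce: bytes) -> tuple[str, bytes]:
        # Bind the response to both the device identity and the fresh nonce.
        message = self.device_id.encode() + nonce
        return self.device_id, self.se.mac_challenge("cloud-auth", message)


class CloudVerifier:
    """Back end that registered each device's key when it was provisioned."""

    def __init__(self) -> None:
        self._device_keys: dict[str, bytes] = {}
        self._outstanding: dict[str, bytes] = {}  # one open nonce per device

    def register(self, device_id: str, key: bytes) -> None:
        self._device_keys[device_id] = key

    def new_challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._outstanding.pop(device_id, None)  # single use: consumed here
        key = self._device_keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def provision_device(device_id: str) -> tuple[HostMcu, CloudVerifier]:
    """Factory step: generate a per-device key, inject it into the element,
    register it with the back end, then lock the element against rewrites."""
    key = secrets.token_bytes(32)
    se = SecureElementModel()
    se.provision_key("cloud-auth", key)
    se.lock_provisioning()
    cloud = CloudVerifier()
    cloud.register(device_id, key)
    return HostMcu(device_id, se), cloud


def run_authentication(host: HostMcu, cloud: CloudVerifier) -> bool:
    """One full exchange: challenge -> device response -> verification."""
    nonce = cloud.new_challenge(host.device_id)
    dev_id, response = host.answer(nonce)
    return cloud.verify(dev_id, response)


def replay_is_rejected(host: HostMcu, cloud: CloudVerifier) -> bool:
    """A response captured on the wire cannot be presented a second time."""
    nonce = cloud.new_challenge(host.device_id)
    dev_id, response = host.answer(nonce)
    first = cloud.verify(dev_id, response)
    second = cloud.verify(dev_id, response)  # nonce already consumed
    return first and not second


if __name__ == "__main__":
    host, cloud = provision_device("sensor-0001")  # constructed device id
    print("authenticated:", run_authentication(host, cloud))
    print("replay rejected:", replay_is_rejected(host, cloud))
```

The host firmware in this model has no way to export the key, so compromising the host code alone does not yield a credential that can be cloned onto another device; an impostor presenting the same device id but a key the back end never registered fails verification.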

Tips and tricks for IIoT applications

Securing an IIoT device is not a trivial exercise. The threats a device faces today are likely very different from the threats it will face tomorrow. Securing a design can be time-consuming if developers aren't careful. Below are several "tips and tricks" developers should keep in mind that can help them quickly optimize their IoT application for security:

  • Use microcontrollers and components that were developed to meet IEC 62443 and SESIP standards in your design.
  • For energy-efficient IoT devices, look at using a single microcontroller core that leverages TrustZone, such as the LPC5500 family.
  • For IoT devices that require high-performance computing, investigate using a crossover microcontroller like the i.MX RT1170.
  • Leverage secure elements as an auxiliary security device to simplify provisioning and secure cloud communication.
  • Experiment with various security solutions and options using a development board. Many development boards include secure elements interfaced with microcontrollers that can be used to work through your security solution early.

Conclusion

IIoT devices bring new capabilities and features to industrial applications that improve efficiency, safety, and remote monitoring. However, the greatest threat to these systems comes from security vulnerabilities that hackers will attempt to exploit. As shown, new standards, certifications, and methodologies like IEC 62443 and SESIP—implemented on EdgeLock Assurance microcontrollers and secure elements provided by NXP—can help protect IIoT designs.


About this author


Jacob Beningo

Jacob Beningo is an embedded software consultant. He has published more than 200 articles on embedded software development techniques, is a sought-after speaker and technical trainer, and holds three degrees, including a Master of Engineering from the University of Michigan.
