Virtualizing Industrial Control Application: Not without security

Charlie Ashton, Senior Director, Business Development, Wind River

Virtualization brings a wide range of benefits to industrial control applications without compromising the level of security delivered by traditional physical infrastructure, provided that the right software platform is selected. Moreover, virtualization enhances existing system-level security by enabling dynamic updates that respond to emerging threats.

In industries such as manufacturing, healthcare, energy and smart buildings, there are countless instances where companies rely on industrial control systems that were installed twenty or thirty years ago. However, these legacy systems present major challenges to the business, including increasing operational expenses due to high maintenance and replacement costs; a dwindling pool of skilled technicians; limited flexibility resulting from sole-sourced solutions with proprietary programming models; slow product lifecycles out of step with fast-moving IT and mobile technologies; and outdated box-level security features with no provision for end-to-end threat protection or dynamic updates.

To address these challenges, companies are looking to virtualization to cut operational costs by deploying secure, robust, flexible software-based solutions as an alternative to fixed-function legacy hardware.

With virtualization, Level 1 through Level 3 control functions are consolidated onto standard IT-class servers for significant CAPEX and OPEX savings, resulting in software-based digital controllers, PLCs, DCSs, SCADA software, HMIs, historians and applications. Updating software costs significantly less than replacing physical equipment. At the same time, companies can differentiate through software solutions while avoiding the cost, risk and downtime of removing and replacing proprietary hardware and software.

As companies evaluate the benefits of introducing virtualization into their systems, security is a critical factor, and there are typically two aspects to consider. On one hand, software-based solutions offer end-to-end security both for the network and for the control functions, permitting dynamic updates in response to emerging threats while leveraging software firewalls, VPNs and Intrusion Prevention Systems from leading IT software vendors. On the other hand, hardware-based security functions are well understood and have a proven track record within critical infrastructure applications, so it's important to ensure that the adoption of virtualization does not in any way compromise the level of security compared to what's available in state-of-the-art hardware solutions.

One of the key benefits of virtualization in industrial control applications is that it enables the software-based control functions to run on generic server platforms located on premise, either in a stand-alone configuration or a mini data center. In either case, customers expect to be able to deploy industry-standard servers that may not include hardware. Virtualization also allows Virtual Machines (VMs) to be dynamically migrated from one physical server to another, whether to eliminate downtime during software updates, to recover automatically from platform failures or to adjust resource utilization in response to changing workloads. Binding a VM to a physical TPM severely limits the scenarios under which dynamic VM migration is possible.

For industrial control applications, it is critical to ensure an end-to-end boot process that is fully secure. Consumers are looking for solutions that enable them to achieve the full range of benefits from virtualized industrial control functions without compromising on the security that is an absolute requirement for critical infrastructure.

