NORTHBROOK, Ill., — UL, a global safety science organization, has received a grant from the U.S. Defense Advanced Research Projects Agency (DARPA) for cybersecurity testing of Internet of Things (IoT) gateways for industrial control system (ICS) applications to help mitigate security risks.
The advent of the IoT and the invaluable use of data from industrial control systems have created demand for the use of ICS IoT gateways. While valuable, the implementation of a gateway connecting different technologies and bridging an ICS environment to the Internet can lead to significant cybersecurity challenges.
In addition to bridging interconnectivity between heterogeneous systems, an embedded control gateway can also offer shared processing resources, processing and database management including real-time monitoring, and remediation once an intrusion is detected.
As a result of receiving the DARPA grant, UL will identify the main areas of an industrial IoT gateway affecting the cybersecurity of an ICS as well as the data that traverses the gateway outside the ICS system. Additionally, UL will develop a test methodology and a security profile to assess security requirements with the intent of providing technical protocols necessary for designing, building, testing, and procuring secure IoT embedded control gateways. This process is to be designed with flexibility for user-defined remediation techniques and recommended approaches to mitigate security issues, resulting in a more robust product.
This testing will add to the arsenal of tools available to help manufacturers increase their security awareness, as well as help asset owners manage risk, unplanned downtime and reduce costly harm to assets.
“Being proactive in addressing cybersecurity challenges for IoT emerging technologies enables the progression of sophisticated capabilities through system interconnectivity,” states Rachna Stegall, director of connected technologies at UL. “UL is at the forefront of enabling safe innovation, and this grant allows us to extend our reach and into an emerging area of risk.”
IoT gateways with connectivity into ICS, process control systems and distributed control systems in critical infrastructure will have a significant impact on the national security of these inherent systems if the gateways do not have a process to identify and address security risks. A gap can allow major intrusions into these networks without detection, permitting malicious intent to lay dormant for some time until initiated to take action by bad actors. Defining a good process to evaluate and test IoT gateways with recommendations on design and development can help to alleviate these issues.