security working group

The CIP Project has had an eventful week at the Linux Foundation’s Open Source Summit Europe and Embedded Linux Conference in Lyon, France. In addition to the project’s interactive booth, complete with live demos, the project also had a slew of informative and well-attended talks and hosted a completely sold out mini-summit.

Open source thrives on collaboration, and having this face to face time with the open-source community is so valuable in moving our project forward. Check out below for the details of CIP at OSS EU+ ELC.

CIP at OSS EU. Photos by Masato Minda

The Talks

CIP and CIP members had a combined total of five talks over the three-day event.

With more than 200 people in attendance, “Debian and Yocto Project-Based Long-Term Maintenance Approaches for Embedded Products,” given by Kazuhiro Hayashi, Toshiba & Jan Kiszka, Siemens AG, really struck interest from the OSS EU audience.

Jan Kiszka, Siemens AG and Kazuhiro Hayashi, Toshiba

In this talk, the duo explained the overall build and test setup in their talk about Debian and Yocto-based embedded Linux approaches that satisfy the requirement for 10+ year maintenance in industrial products, specifically around security fixes, reproducible builds, and continuous system updates. 

In their talk, “Open Source Projects to Live Long and Prosper: Linux for Smart Infrastructure and Industry,” Yoshitake Kobayashi, Toshiba Corporation & Urs Gleim, Siemens AG gave an overview of the project and what happened during the last year. Especially the working groups of CIP (on kernel, real-time, core packages, security, and software update) led to great progress in providing a sustainable base for any industrial-grade Linux distribution. 

SZ Lin (林上智), Moxa & Pavel Machek, Denx focused on the long-term maintenance strategy of the kernel in their talk called “Activities of Super Long Term Support Kernel Workgroup in Civil Infrastructure Platform Project.”

Wolfgang Mauerer, Siemens AG, contributed to The List is our Process: An Analysis of the Kernel’s Email-based Development Process. Together with main author Ralf Ramsauer, Technical University of Applied Sciences Regensburg, Sebastian Duda from U Erlangen, and L. Bulwahn from the ELISA project, discussed analysis methods how to track the flow of patches into the kernel, and applied their results to specific subsystems of the Linux kernel. Their work contributes to a reliability analysis of the kernel development and can be used to detect remaining weak spots.

Michael Adler from Siemens AG, and Chris Paterson from Renesas presented “A Guide to CIP and Testing,” where they walked the audience through the CIP testing approach at the Automated Testing Summit. 

The CIP Mini-Summit

For the first time, the CIP project organized a mini-summit, a half-day, single-track event covering Linux-based industrial open source systems. With this event, CIP  gathered those interested in open source to provide technical details and in-depth insights to further develop the industrial-grade CIP base layer which is built on the work of established and stable work from the likes of Debian, Yocto Project, Real-Time Linux.  The sold-out event included topics such as 

• The State of Civil Infrastructure Platform
• CIP SLTS kernel development (e.g. Patch management for collaboration with stable kernel team)
• Security in industrial systems and its future
• Safe software updates for industrial IoT devices
• Use cases of the CIP open source base layer

The CIP Booth

In addition to great content in the form of talks and sessions, the CIP community also interacted with hundreds of attendees in the CIP booth in the Sponsor Showcase. Within the booth, both Plat’Home and Toshiba demoed their technologies which are built on CIP.

CIP booth at OSS EU

This October, the Civil Infrastructure Platform will be hosting a half-day Mini-Summit, colocated with the Linux Foundation’s Open Source Summit Europe (OSSEU), taking place in Lyon, France.

The CIP Mini-Summit is a half-day, single-track event covering Linux-based industrial open source systems. The event takes place on October 31st from 8:00 – 13:00 at the Lyon Convention Centre.

With this event, CIP hopes to gather all interested in open source and provide technical details and in-depth insights that will further develop the industrial-grade CIP base layer which is built on the work of established and stable work from the likes of Debian, Yocto, RT Linux.  This event is an opportunity to meet and collaborate face to face while advancing CIP’s goal of establishing an open-source “base layer” of industrial-grade software to enable the use and implementation in infrastructure projects of software building blocks that meet the safety, reliability and other requirements of industrial and civil infrastructure. Use cases for this base layer include power plants, radar systems, traffic lights, dams, weather systems and more. 

The day will be jam-packed with topics, including:

• The State of Civil Infrastructure Platform
• CIP SLTS kernel development (e.g. Patch management for collaboration with stable kernel team)
• Security in industrial systems and its future
• Safe software updates for industrial IoT devices
• Use cases of the CIP open source base layer
• CIP testing activities will be presented at the Automated Testing Summit, which CIP is a proud sponsor of.

To attend, guests attending OSS EU can register here for a nominal fee of $10 USD.

In addition to The CIP Mini-Summit, CIP is also sponsoring Embedded Linux Conference (ELC-E) as a Gold Sponsor and will be exhibiting on the showroom floor. Stay tuned for details about hands-on demos we’ll be displaying on site!

Embedded Linux Conference Europe takes place from Mon, Oct 28, 2019 – Wed, Oct 30, 2019  is the leading conference for developers, architects, and other technologists – as well as open source community and industry leaders – to collaborate, share information, learn about the latest technologies and gain a competitive advantage by using innovative open solutions. Over 2,000 will gather for ELC-E in 2019.

By Kento Yoshida, CIP security working group member and Senior staff engineer of MPU Product Department, Enterprise Infrastructure Business Division at Renesas Electronics Corporation

The threat of cyber-attacks is growing. With the evolution of IoT, the targets of cyber-attacks are changing from information assets to Industrial Automation and Control System (IACS). Serious damage such as operation stops and the destruction of components are occurring.

In order to deal with evolving cyber attacks, all layers that make up an IACS, such as system services and component functions, in addition to operational layer must be kept secure. For this reason the IEC 62443 series is attracting attention as the de facto cyber security standard for all layers of IACS.

The Civil Infrastructure Platform (“CIP”), the open source project hosted at the Linux Foundation which intends to create reusable building blocks that meet requirements of industrial and civil infrastructure, places great importance on the IEC 62443 series.

Additionally, CIP  supports the adoption of IEC 62443 across the entire industry and are working to roll out solutions as soon as possible as part of an all-out effort to support users’ effort to acquire certification through the newly established CIP security working group.

As a first step to making the industry more secure our working group actively supports suppliers of industrial products so that they can certify using the IEC 62443-4-2 standard, now.

Suppliers will be efficiently able to develop security functions which conform to the IEC 62443-4-2 standard using an open source “base layer” of industrial grade software provided by our activities to reduce development cost, difficulty and uncertainty.

 Currently, we are in the process of completing the investigation of the security functions required for certification and selecting component packages to realize them.

The investigation we conducted showed that more than half of the functionality needed to achieve security level 3 (SL-3) of IEC-62443-4-2 in embedded or network devices can be realized on our platform including our reference hardware.

This high coverage shows that Linux has continued to provide effective and practical features to the industry to date. We are very pleased with this result. And we hope that many industrial-grade software suppliers adopt our open source base layer with high coverage for SL-3 as a development platform for their application.

For more details, visit the CIP security working group wiki page and learn more about our activities. Furthermore, we will present the concept and goal of our activities at the CIP booth at the upcoming Open Source Summit Japan 2019 in Tokyo from July 17 – 19.  If you have any interest in our activities, we hope to see you at the venue.