Operational Technology (OT), transportation systems and Industrial Control Systems (ICS) are often forced to make concessions on security and updates in order to deliver critical functionality without interruption. Keeping them secure, bug-free and failure-resistant is no easy feat. Fortunately, building on our advances in secure and efficient System on Chip (SoC) design, our Mi-V partner Conclusive Engineering has developed a small form factor device dedicated to this task: the Orchid family RCHD-PF System on Module, featuring the PolarFire® SoC FPGA.
Risk aversion in the face of adversity
The first decades of the 21st century have put modern Operational Technology systems through an unprecedented series of tests. We have seen custom malware targeting the electrical grid of an entire country, accidental infections of critical systems with BitLocker malware, smart car exploits, airplanes failing critically due to design issues, and a recent pan-European train system lockup, and that is just the tip of the iceberg. As OT systems grow in complexity, it is becoming harder to guarantee their continuous operation and security. This can be mitigated with advanced logging and supervising devices that allow systems to be tested continuously during operation, providing failure resistance and unprecedented reaction times to adverse events.
Advancing beyond default reliability
As an industry, we have largely made the transition from dedicated, proprietary black-box solutions to open-source, bare-bones platforms adapted to individual tasks. While this resolved many issues related to security and maintenance, the increasing complexity of software and hardware systems, combined with the high cost of updates, introduced a different class of problems. External logging and supervisor systems can mitigate these issues by providing quick debugging and error detection.
Background and legacy
The origins of today's OT systems, transportation automation and supervisory control and data acquisition (SCADA) networks converge on a single point in the past. In 1968, General Motors, on the basis of a whitepaper by Edward R. Clark, ordered a custom device to replace the relay system it used in manufacturing vehicle transmissions. This is how the first Programmable Logic Controller came to life: a system that, over the following decades, replaced the reliable, albeit inflexible, electromechanical relay logic. Over half a century later, standing on the shoulders of giants, we are forging humanity's future with ideas like software-configurable factories, data-driven just-in-time manufacturing and fully automated transportation systems. Enter Industry 4.0.
However, our heritage, with all its benefits, comes with drawbacks as well. Advancing in a field as risk-averse as Operational Technology and Transportation is no easy feat. A single flipped bit can freeze the communication infrastructure of an entire country, or delay production by hundreds of thousands of units, causing cascading havoc in the supply chain. A single update of critical infrastructure can cost millions of euros, hundreds of millions if it fails, and billions if it cannot be rolled back. On the other hand, an outdated system risks accumulating issues and unexpected behaviors during prolonged continuous operation, and has an extremely negative impact on the overall security of the system. Finding the correct balance is often difficult, if not impossible.
This creates an unavoidable and growing risk gap. On one side is the hazard of an outdated system with significant maintenance costs and a risk of breakdown that increases with each passing day. On the other side is the risk and cost of bringing such a system up to date, which includes testing, certification, migration of the existing codebase and unpredictable downtime. It is an environment where the risk and cost of operation accumulate continuously, and where an imminent failure could have fatal consequences on an unprecedented scale. The only way to solve this is to acknowledge the problem, adapt, and provide smarter solutions that close or narrow that risk gap.
Smarter reliability thanks to hardware supervisors
Conclusive Engineering has envisioned a smarter solution: a device capable of acting as a supervisor of existing systems, a Remote Terminal Unit, or a fully featured SCADA node performing various tasks as a power-efficient edge compute module with a low thermal footprint. Thanks to our PolarFire SoC FPGA, which integrates a real-time and Linux-capable RISC-V processor with the PolarFire FPGA fabric in a single, highly secure, tamper-resistant package, Conclusive Engineering was able to bring this idea to life.
RCHD-PF-EVAL evaluation board:
The result of our work is RCHD-PF, a diminutive System on Module (SoM) designed with OT and Transportation applications in mind. Its intended use is debugging of constantly online systems that feature machine-computer interfaces: debug log collection, analog data processing, and matching system events to the analog outputs of the steering system and its sensor readouts. However, thanks to the device's processing power, it can also work as a debugger, a supervising system, a remote terminal unit, a vision processing unit or a multipurpose node, and depending on workload it can perform several of those tasks at once. Secure operation in such a configuration is achieved through application domain separation. Since we provide full-stack embedded custom turn-key solutions, this board can be delivered with a wide variety of software, including bare metal, FreeBSD, Linux-based operating systems, seL4, Zephyr, FreeRTOS and other operating systems, with the kernel and driver modifications needed to make the system excel in its intended application. Additionally, the board's security is outstanding: it can operate in environments directly accessible to an adversary, protected against code tampering and extraction of secrets. This is especially important for legacy systems, where properly designed tests running on RCHD-PF can detect misbehavior of the supervised system and thereby detect and prevent the consequences of executing compromised code. To further increase its security, the SoM can be fully air-gapped from the supervised system, ensuring that no write access to the SoM is possible. Finally, the swappable nature of the SoM allows in-place upgrades of OT equipment and quick rollback without exceeding the allowed downtime, which is often measured in minutes per month or per year.
All this comes from a design that follows best System-on-Module design practices. RCHD-PF is a module 30% smaller than a credit card, accompanied by the larger RCHD-PF-EVAL evaluation board, which breaks out RCHD-PF's features to standardized connectors and adds some further features, such as SFP+, implemented over RCHD-PF's universal communication interfaces. It can be plugged into an existing system that provides a PCIe slot and powered inside the parent device's housing via a generic 4-pin Molex-type connector. We can provide a custom form factor of the evaluation board on a client's request, or customize RCHD-PF itself.
RCHD-PF supports the whole range of Microchip's PolarFire SoC devices that use the FCVG484 package, delivering field-programmable gate array (FPGA) variants with up to 254K LUTs. The FPGA is capable of machine vision and of processing up to two 4K video streams. The on-board RISC-V processor runs at 667 MHz, delivering around 2030 CoreMark, which is up to 55% more efficient than the nearest comparable non-RISC-V solution. The SoC has the tamper protection typical of the PolarFire family, including Differential Power Analysis (DPA) countermeasures and a Physically Unclonable Function (PUF), which make a properly configured SoC resistant to most sophisticated and costly tampering attempts by a well-equipped adversary.
Customization, purchase, and deployment
Feel free to contact us via the Conclusive Engineering page. Conclusive Engineering is a Mi-V partner with significant experience in providing code and debugging for mission-critical infrastructure. RCHD-PF is available as an off-the-shelf solution in our store, where you can browse the currently available models and their configurations. We are also reachable via social media, i.e. LinkedIn or Facebook.