Laying the secure, adaptable, safe foundation

For digital transformation

processing is shifting to the edge

We will soon stop using the phrase, “the Internet of Things” and will simply understand that myriad devices across factories, city infrastructure, energy grids, and buildings are more efficient because they effectively and securely exchange information. Indeed, the longer these systems are deployed, the more effective they become due to the impact of machine learning; with the majority needing to be fully operational for 10, 15, or 20+ years.

At least three major forces are driving the decision making on this data nearer to where it's being created:

1

PRIVACY

Sending metadata up into the cloud as opposed to data that is traceable back to a specific individual.

2

LATENCY

Some data are better made locally, in real-time, as opposed to being sent to the cloud for processing.

3

COST

A fraction of the data being sent to the cloud is being mined effectively for analysis... but it is all being stored, which costs the enterprise a significant amount of money.

 

"Industry 4.0"

The integration of robust data analytics...

The shift of where processing occurs, has oscillated between centralized and decentralized for decades.  Lynx views there are two main changes in this cycle:

  1. Many more of these systems have to deliver deterministic real-time (measured in microseconds) behavior to certain situations as the electronics are not assisting a human. They ARE the system (increasingly working alongside a human)
  2. With these systems now connected, the impact of a security incursion impacts not just that system itself, but potentially any devices accessible from that network connection. Just think back to the Mirai attack in late 2016.

We hear from our customers that the solution needs to meet these requirements:

  • Can be deployed on a consolidated board (and in an increasing set of cases, a single chip) to improve system power, footprint and cost;
  • Must run big operating systems like Linux and Windows while also guaranteeing the real-time behavior of it-simply-must-always-respond-this-way elements of the platform. What this means is increased use of hypervisors and, in the case of Lynx, separation kernels;
  • Applications must be compartmentalized to ensure that certain applications cannot cause other elements of the system to fail

Connected systems present a threat from both malicious and unintended (poorly written code) threats. In the factory environment, the relatively slow pace of change is understandable, since there is a focus on reliability, which translates to increased up-time, reduced accidents, less scrap etc. OT technology is, therefore, separate networks that get connected up to the IT networks at a main console level. The desire is to push this fusion of IT and OT worlds out on the factory floor, so that machines can make better decisions, more quickly. Because of the length of time technology is deployed for, there are a lot of equipment that is in excess of ten years old. System architects need to provide a path to deliver more functionality without replacing all of the installed equipment day 1.

The focus of LYNX MOSA.ic for Industrial is to help system architects address these challenges. This product features a bundle of Lynx and 3rd party software technologies and system integrations which have been proven to operate together in a secure, deterministic way..and effectively provide a bridge from the past to the future.

LYNX MOSA.ic for industrial is a new product, introduced in mid 2020. The demo below, created around the more foundational LYNX MOSA.ic software framework, shows how deterministic real-time performance can be provided for a robot application.

LEARN MORE

Industrial Robot Demo

VIDEO LIBRARY

LYNX IN ACTION

Technical Product Manager Chris Barlow discusses the LYNX MOSA.ic industrial robot demo with Ian Ferguson at Embedded World 2020.

Watch the Video

 

Projected value of global market by 2025

% annual reduction in inventory

Industrial BG 10

challenges in a hybrid world

Processing on data is shifting between the endpoint, the network aggregation points, and the cloud—in some cases dynamically. Companies are demanding a choice of cloud environments as well as using on-premise infrastructure. What will remain consistent is that the connected devices must be trusted.

The Mirai botnet attack in late 2016 would have been partially avoided if systems self-recognized they were behaving in unintended ways. While encryption and all other standard elements of secure communication are helpful, the system architect must build on a platform foundation that can be trusted to perform to specification over its lifetime (and to be decommissioned in a trusted way as well).

IIOT Security Framework

Given the complex and increasingly dynamic nature of computation and decision making—from device to edge to cloud— aspects like security and application integrity cannot be viewed as a point solution, but instead must be considered holistically. Industrial standard organizations such as the Industrial Internet Consortium attest that point solutions are not enough; a comprehensive framework for managing the vast complexities of the pyramid is required. The IIC published Industrial Internet Security Framework surpasses typical recommendations of security controls, documenting stakeholder viewpoints and concerns to ensure proposed solutions are rooted in requirements that comprehensively solve the problem.

 

 

A holistic approach to robust security

To unlock the full potential of IIoT, trust must be established across a network.  That trust begins with platform security—the assurance that computing components are authentic, initialize to a well-known state, and are resilient to unauthorized changes.  Once platform security is in place, systems must incorporate network security and monitoring capabilities to ensure system-wide integrity is resilient to unauthorized changes.

Point solutions tend to address symptoms of engineering flaws—e.g patching, updating whitelists, malware signatures, etc.  However, reactionary approaches lose effectiveness at scale and fail at catching the first exploit. LYNX MOSA.icTM gives product suppliers the ability to build in assurance with the knowledge that their device is precisely designed to execute securely in enterprise or control networks without having to rely on layers of firewalls, IDS, and patching systems. 

Watch the Demo

 

LYNX MOSA.ic™ Automotive Platform

 

BUILDING A NETWORK OF TRUST
...On a robust foundation

Adopting any digitization security technology requires careful technical scrutiny to claims of assurance, interoperability with legacy systems, and life cycle maintenance costs. The architecture configuration language of LYNX MOSA.ic allows developers to design in security properties of system devices that must be trusted and need to survive in hostile environments.

With LYNX MOSA.ic, evaluators of security properties such as government authorities or safety managers can trace configurations down to processor hardware control, providing formal evidence of robustness and resulting in a holistic approach to system security. Our emphasis for our product roadmap in this area, aligned with the company's vision, is focused on helping companies create robust software stacks for autonomous platforms. More of this will be discussed later in 2020. Click below to learn more about LYNX MOSA.ic or to request an evaluation version.

LEARN MORE

LYNX MOSA.ic™ Logo

Examples of relevant security designs include:

  • Boot Security
  • Data Protection:   Data-In-Transit, Data-At-Rest
  • Data and Control Plane Separation
  • Separation of Enterprise and  Control Networks
  • Read-only Monitoring