Design and Implementation of a Security Architecture for Critical Infrastructure

Design and Implementation of a Security Architecture for Critical Infrastructure Industrial Control Systems in the Era of Nation State Cyber Warfare - David Safford, GE

GE electrical generation and distribution systems provide over 50% of all electrical power used in the world. GE is also a major supplier of critical components in aviation, transportation, and medical systems. Unfortunately, we are now in the era of nation-state cyber warfare. The Stuxnet and Ukraine incidents demonstrated attacks on industrial control systems that breached air gaps, and permanently bricked components.

At GE Research, we are prototyping a new security architecture across our x86, PPC, and ARM based industrial control systems. It includes hardware roots of trust for secure and trusted boot, along with firmware, hypervisors, operating systems, applications, and network and cloud services with integrity measurement, appraisal, and attestation. We will give an overview of the architecture, status of the reference implementations and products, and remaining gaps.

About David Safford

David Safford is a Senior Principal Engineer at General Electric's Global Research Center (GRC), where he works on solutions for control system security for all business units. His primary area of research is in hardware root's of trust for security in a Linux environment. He formerly worked at IBM's T.J. Watson Research Center, was Director of Supercomputing and Networking at Texas A&M University, and was a weapon system test pilot and submarine diving officer in the US Navy.