Design and Implementation of a Security Architecture for Critical Infrastructure

Design and Implementation of a Security Architecture for Critical Infrastructure Industrial Control Systems in the Era of Nation State Cyber Warfare - David Safford, GE GE electrical generation and distribution systems provide over 50% of all electrical power used in the world. GE is also a major supplier of critical components in aviation, transportation, and medical systems. Unfortunately, we are now in the era of nation-state cyber warfare. The Stuxnet and Ukraine incidents demonstrated attacks on industrial control systems that breached air gaps, and permanently bricked components. At GE Research, we are prototyping a new security architecture across our x86, PPC, and ARM based industrial control systems. It includes hardware roots of trust for secure and trusted boot, along with firmware, hypervisors, operating systems, applications, and network and cloud services with integrity measurement, appraisal, and attestation. We will give an overview of the architecture, status of the reference implementation