Supply chain assessment is critical for a Process Control System Integrator (PCSI) that must source equipment securely and efficiently from an environment it does not control. A PCSI supplies Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), workstations, servers, communication equipment such as Ethernet switches, routers, radios and modems, and a range of process control software and applications. For each of these items the PCSI has to consider every component that goes into the product. An off-the-shelf product contains hundreds of parts, and any of them could have been tampered with somewhere along the way. A supply chain assessment gives the PCSI an understanding of where those parts come from and whether the end product can be trusted. To establish a trusted computing environment, a PCSI must ensure that every supplied element behaves consistently and is tamper-resistant.
To select a supplier, a PCSI has to perform due diligence: the process of verifying the information the supplier has presented and confirming that nothing significant has been omitted. Most of this due diligence serves to verify the supplier's legal status, financials and past history, its security controls and assurance, its incident response and forensics assistance, its product life cycle support, and its risk management processes. How far it goes depends on the organization's risk appetite, because the assessment costs time, effort and resources. For example, the Department of Defense has a low risk appetite for hardware and therefore operates a Trusted Foundry Program as part of a validated supply chain, one in which the hardware and software do not deviate from their documented function.
A PCSI may not need to operate a Trusted Foundry Program, but it should practice hardware source authenticity: procuring tamper-free hardware from trustworthy suppliers. For example, a PCSI buying a Cisco Ethernet switch should purchase from an authorized reseller rather than from a seller on eBay. Buying from aftermarket sources increases the risk of obtaining counterfeit and/or compromised hardware; such sellers entice buyers with low online prices. There have been multiple reported cases of end users receiving devices with malware embedded in the firmware or extra chips installed inside the hardware for malicious purposes. During supplier selection a PCSI should perform a thorough assessment to ensure that the hardware and software it purchases are not compromised in any way. Checking a received device's serial numbers and firmware image hashes against the values the OEM publishes is a practical complement to buying only through authorized channels.
Maintaining and Protecting Authenticity of Hardware and Firmware
To prevent counterfeiting and compromise of hardware and firmware, and to protect the reputation of an Original Equipment Manufacturer's (OEM's) products, a few widely used concepts are described below.
Hardware Root of Trust (ROT)
A hardware RoT is a component, such as a Trusted Platform Module (TPM), whose correct behaviour is assumed rather than verified and which anchors a trusted execution environment. It measures (hashes) boot components and OS files and records those measurements, and it can then sign a report of the measurements so that a verifier can confirm that the platform booted trusted code. Everything measured is only as trustworthy as the RoT itself, so the RoT must be genuine and unmodified; this is where hardware source authenticity matters most.
Hardware Security Module (HSM)
An HSM is a tamper-resistant device dedicated to generating, storing and using cryptographic keys, so that private keys never leave the module in plaintext. An OEM uses an HSM to protect the keys that sign its firmware images; if those keys were extracted, an attacker could sign malicious firmware that would pass every signature check described below.
Anti-tamper designs go further. A physically unclonable function (PUF) derives a device-unique key from manufacturing variation in the silicon, so the key is never stored at rest and cannot be copied into a counterfeit device. Tamper-detection circuitry, often implemented in a field-programmable gate array (FPGA) or dedicated logic, zeroizes keys and wipes sensitive state when intrusion is detected, making it difficult for an attacker to alter the authorized execution of the software.
Secure boot is a feature of the Unified Extensible Firmware Interface (UEFI) that prevents untrusted code from running during boot: each boot component's digital signature is checked against keys enrolled in the firmware, and the bootloader loads only validly signed items, so unsigned or tampered malware is refused. Measured boot and attestation take this further. Measured boot records a hash of each boot stage, typically into the platform configuration registers (PCRs) of a TPM, and attestation has the root of trust sign those recorded measurements so that a remote verifier can confirm what the boot process ran before trusting the operating system. Secure boot stops a tampered component from running; measured boot and attestation let someone else find out what actually ran.
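The measure, extend, quote and verify cycle described above, as an added illustrative example that is not part of the original article: the simulated root of trust hashes each boot stage into a PCR-style register and signs a report over it, and the verifier checks the signature, replays the event log, and compares the result with golden values computed from reference images. The boot images, the attestation key and the chain names are constructed for the example; an HMAC with a key shared between device and verifier stands in for the TPM quote signature, whereas a real TPM signs with an attestation key whose private half never leaves the chip.

```python
import hashlib
import hmac
import os

# Constructed sample boot images; a real chain would be UEFI firmware,
# bootloader and kernel binaries measured by the hardware root of trust.
GOOD_BOOT_CHAIN = {
    "uefi_firmware": b"UEFI firmware v2.1 (constructed sample)",
    "bootloader":    b"bootloader v5 (constructed sample)",
    "kernel":        b"kernel 5.15 (constructed sample)",
}

# Constructed: same chain, but the bootloader has been modified as a
# tampered device would present it.
TAMPERED_BOOT_CHAIN = dict(GOOD_BOOT_CHAIN,
                           bootloader=b"bootloader v5 + implant (constructed sample)")

# Assumption of this example: the verifier shares this secret with the
# simulated root of trust so that an HMAC can imitate a quote signature.
ATTESTATION_KEY = b"constructed-shared-attestation-key"

PCR_RESET = bytes(32)  # a PCR reads as all zeros after reset


def sha256(data):
    return hashlib.sha256(data).digest()


def extend(pcr, component_digest):
    """PCR extend: PCR_new = SHA-256(PCR_old || digest). One-way, so a stage
    measured early cannot be hidden by anything that runs later."""
    return sha256(pcr + component_digest)


def measure_boot(chain):
    """Root-of-trust side: measure each stage before it runs.
    Returns the final PCR value and an event log of (stage, hex digest)."""
    pcr = PCR_RESET
    event_log = []
    for stage, image in chain.items():
        digest = sha256(image)
        event_log.append((stage, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, event_log


def make_quote(pcr, nonce, key=ATTESTATION_KEY):
    """Root-of-trust side: sign the PCR value together with the verifier's
    nonce, so a captured quote cannot be replayed for a later challenge."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def golden_values(reference_chain):
    """Verifier side: expected per-stage digests and final PCR, computed
    from reference images obtained through the OEM's authorized channel."""
    pcr, log = measure_boot(reference_chain)
    return pcr, dict(log)


def verify_attestation(pcr, event_log, nonce, quote, golden_pcr, golden_digests,
                       key=ATTESTATION_KEY):
    """Verifier side. Returns (ok, reason)."""
    expected = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote):
        return False, "quote not signed by the root of trust, or nonce mismatch"
    replayed = PCR_RESET
    for _, digest_hex in event_log:
        replayed = extend(replayed, bytes.fromhex(digest_hex))
    if replayed != pcr:
        return False, "event log does not replay to the quoted PCR value"
    if pcr != golden_pcr:
        changed = [s for s, d in event_log if golden_digests.get(s) != d]
        return False, "boot chain differs from golden values at: " + ", ".join(changed)
    return True, "boot chain matches golden values"


def attest(chain, reference_chain=GOOD_BOOT_CHAIN):
    """Full exchange: verifier issues a nonce, device measures and quotes,
    verifier checks the quote against golden values."""
    nonce = os.urandom(16)
    pcr, log = measure_boot(chain)
    quote = make_quote(pcr, nonce)
    golden_pcr, golden_digests = golden_values(reference_chain)
    return verify_attestation(pcr, log, nonce, quote, golden_pcr, golden_digests)


if __name__ == "__main__":
    print(attest(GOOD_BOOT_CHAIN))      # (True, 'boot chain matches golden values')
    print(attest(TAMPERED_BOOT_CHAIN))  # (False, 'boot chain differs from golden values at: bootloader')
```

The three checks in verify_attestation are ordered as a real verifier orders them: first that the report really came from the root of trust for this challenge, then that the log is consistent with the register it claims to describe, and only then whether what ran is what the OEM shipped. The event log is what makes the failure diagnosable; the PCR alone would only say that something differed.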
PCSIs and OEMs need to continually reinforce their supply chains and authenticity mechanisms to remain competitive and to counter counterfeiting. Both must be vigilant in sourcing materials under current economic conditions. Maintaining a reliable and trustworthy supply chain from the OEM to the end user is the PCSI's responsibility.