The Internet of Things is coming to industrial systems in a big way (the “IIOT”). But IIOT isn't just IOT with an extra 'I' -- industrial systems differ greatly in architecture, power and performance, and intended application when compared with many consumer, medical, and other IoT systems. This post looks at the unique challenges of IIOT systems and the role of software development tools, including static analysis, in developing next-generation IIOT devices.
- Four step guide to security and safety assurance for IoT devices
- 5 Key Challenges for the Industrial Internet of Things (IIoT)
- IoT—the Industrial Way
- Making Safety Critical Software Development Affordable with Static Analysis
Supervisory Control And Data Acquisition (SCADA) systems, at the heart of most industrial systems, operate in extreme conditions and control critical infrastructure while adhering to strict safety standards. Unlike many other types of devices, industrial systems have:
- Limited device capabilities: Programmable Logic Controllers (PLC) are often low-power, low-end devices with limited processing power and connectivity. They are often networked to larger SCADA systems; however, these systems are often legacy and don’t adhere to modern connectivity and security standards. Exposing these devices to the Internet is extremely dangerous, since security is lacking, but unfortunately it is quite common to do so.
- A need for both safety and security: Safety is well understood by industrial control engineers. Security, on the other hand, is new and often overlooked. Building security in at the architecture level is critical given that these systems are ripe targets for attack.
- Disparate standards, protocols, and data: Industrial systems speak their own language -- and not necessarily what higher-level systems expect. Given the high EMI environment, typical network protocols are insufficient for providing error-free communication. In the past, SCADA systems operated within a factory/plant boundary with little need to feed data beyond. In IIOT, moving data from the “shop floor” to data collection at corporate HQ isn’t as simple as giving a device an IP address.
- Sufficient need for a redesign for IoT: Next-generation industrial control systems are likely to require more processing power and connectivity than in the past, in order to satisfy increasing functional, safety, and security requirements. Additionally, system architecture needs to change to support “security by layers.” Exposing individual devices to the internet that can’t protect themselves is foolhardy. Industrial gateways and firewalls are as needed as they are in the datacenter.
The segmentation of the IIoT from the more-familiar Consumer IoT (from National Instruments, based on Moor Insights and Strategy's report "Segmenting the Internet of Things).
Tackling the Software Development Challenges
Obviously, some of the challenges facing IIOT go beyond software development, and even then, not all software challenges can be addressed by automation, tools, and processes. For the problems where improved software development can benefit, a recommended approach follows:
- A security and safety-first design: Industrial systems that operate in safety-critical environments are already “designing-in” safety as required by the standards they must comply with, such as IEC 16508. We contend that security must also be treated in the same way – considered from the inception of the design rather than added on later in the development cycle. Equally important is also considering security at the system level in which the device operates, to build layers of defense and limit the attack surface as much as possible. Many of the suggestions in our 4-step guide to security and safety assurance for IoT devices applies to IIOT systems as well.
- Managing legacy code and software supply chain: Building on top of operating systems, the integration of existing and legacy code is an absolute must these days in order to stay competitive. Reinventing the wheel in embedded systems is becoming a thing of the past (good), but the wide use of third-party code and binaries does have risks (bad).
- Concurrency and multicore processor platforms: Concurrency has always been a design and development challenge for real-time systems, and multicore processor platforms are now the norm. Unfortunately, the true hardware concurrency provided by multicore processors increases the software development challenge. This can be overcome with tools, such as static analysis. Improving programming techniques allows the true benefits of multicore to be realized.
- Development efficiency: Universally, we hear that developer time and development efficiency is the biggest concern for software-development managers. Why? Because each new team building next-generation devices must produce more and more functionality within limited time and budgets. Moving to new software development techniques and leveraging automated development tools, such as static analysis, can increase overall development efficiency.
The Role of Static Analysis Tools
Static analysis tools are highly recommended in software safety standards, and rightfully so. Finding defects early is still a big cost-saver because it's where a majority of costs lie. Static analysis helps reduce risk, cost, time, and money in the following ways:
- Finds defects before unit testing: Static analysis tools can be used right at the developer's desktop environment and can prevent defects before they enter the build system and the unit test phase of development.
- Finds defects that testing misses: Unit testing, even on projects demanding high code-coverage levels, can still miss important defects. Concurrency errors are typically difficult to detect in unit testing and sometimes only appear after hours of operation. Static analysis tools have the unique capability to detect these errors in source code well before they become part of the working system.
- Prevents defects in the first place: Enforcing strict coding standards, such as MISRA C, can help prevent many classes of defects in code. Enforcing good discipline in coding and creating a develop-analyze-test micro cycle for small code changes can prevent many defects from being created in the first place.
- Removes blind spot of third-party code and binaries: Use of third party code such as commercial off-the-shelf software (COTS) and open-source software is a fact of life in industrial device software development. Software of unknown pedigree needs to be managed carefully for safety and security before inclusion in a device. Static analysis tools can analyze third-party source and binaries to discover defects and security vulnerabilities in software that could be impossible to test otherwise.
- Accelerate safety standards documentation: Static analysis (and many other testing and lifecycle management tools) provide automated documentation to support testing, coding standard, and quality/robustness evidence. Much of the manpower used in safety certifications is documentation and evidence production, so automation and specifically static analysis reduces this burden significantly.
Industrial Internet of Things device manufacturers face unique software development challenges compared to other IoT markets. Adopting new techniques and methodologies in parallel with automated development tools can alleviate the burden of these challenges. Static analysis tools assist in important ways to increase software development efficiency while increasing quality, safety, and security.