MENU
Contact Us




Project

ESS integration on an ICS

Implementation of ESS on a Linux based process control system



CPU

Manufacturer

OS

Linux

Skills

Linux
C
C#
IEC 62443
Security-by-design

Project size:

Difficulty:




Request/problem:

The customer sells ICS in process applications (oil&gas). The end customer (large oil company) has specific requirements for cybersecurity of his installations and requires the control system to provide embedded security. The ICS is programmable with CODESYS.

Solution:

As Distributor and System Integrator for Kaspersky embedded security products, we decided to use the Kaspersky Security System, a security kernel used in KasperskyOS and adapted to run under Linux. In order to secure any communication to the PLC via the CODESYS Gateway, we have separated the CODESYS Control Runtime System in 2 parts, isolated from each-other in separate secure containers. Inter-process communication between one part (Com) and the other part (Core) is no longer possible and any process must go through KSS. KSS receives commands, checks against predefined security policies and either allows or blocks the command.
For the security policies to be defined in a user-friendly environment, we have developed a new CODESYS plug-in editor. Security policies set in the CODESYS editor are compiled to KSS using a separate secure channel. The editor provides security logs as well.

Architecture:

Results:

The result of this development is a product owned by BE.services. The product Embedded Security Shield is available for any company developing a PLC with high security requirements. An evaluation version is available on demand. Click on the link below to request your evaluation version.

request evaluation version

Screenshots: