Aicas, GlobalSign, Infineon, Real-Time Innovations, UL (Underwriters Laboratories), Xilinx
EyeTech Digital Systems, Inc., iVeia, LLC, JUXT, PrismTech, SoC-e, Star Lab Corp.
Aerospace & Defense and Communications, Automotive, Industrial Manufacturing, Smart Grid/Energy, Smart Medical
Provide a Testbed to allow testing of security claims and other security related testing evaluation.
Security Claims Evaluation Testbed – an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities.
How It Works:
The security testbed is a comprehensive testbed comprised of three primary tiers: Endpoint, Gateway and Server (Private, Public Cloud). Data sources can include industrial, smart grid/energy, medical, automotive, building automation, and other related endpoints requested for secure operational analysis. Key platform elements of the testbed include:
- Intelligent endpoint monitoring system(s) from PFP Cybersecurity
- Intelligent Gateway from SoC-e
- Real time analytics from Juxt
- Secure runtime Java VM from Aicas
- Private and Public Cloud secure communication from PrismTech
Software utilized for testbed operation is provided by both members and non-members. With the any-to-any connectivity of the programmable and configurable nature of the security testbed and the application software flexibility, a host of interfaces can be supported. This includes sensor inputs -both analog and digital, video/imaging interfaces, along with a wide range of communications protocols, ranging from Industrial Ethernet protocols to other secure messaging protocols (DDS, XMPP, MQTT, REST, others).
Understanding the security needs of components in a system and having metrics to evaluate those needs very early in product development can address security concerns prior to product launch. The testbed aims to enable manufacturers to improve the security posture of their products and verify alignment to the Industrial Internet Consortium Security Reference Architecture prior to product launch to help accelerate time to market.
The primary objective of the Security Claims Evaluation Testbed is to provide an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities. The testbed will enable participants to connect their equipment to a system of other endpoints, gateways, etc. to evaluate the security capabilities of their equipment, interoperability to other devices, and verify the critical areas of their architecture pattern are secured as outlined in the Industrial Internet Consortium Reference Architecture.
Industrial Internet Consortium members and non-members have the ability to connect their equipment to the testbed to evaluate the security of their devices within two different scenarios; individually on a device level as well as with a system of other endpoints, gateways, etc. This includes exploration of methodology and collection of evidence to demonstrate the system operational security processes supporting the key characteristics of the system relative to evaluation of the participant’s claims. Additionally, the testbed enables the evaluation of the critical areas of an architecture pattern that need to be secured as outlined in the Industrial Internet Consortium Reference Architecture.
The testbed will be rolled out in three stages. The first being initial deployment in a lab environment, second in a micro-factory environment and third phase as determined by the growth of the testbed. The security testbed phased release approach provides a unique learning opportunity to evaluate security vulnerabilities at a device level and system level prior to large scale deployment across many key applications driving the Industrial Internet of Things (IIoT) / Industry 4.0.
Interested in learning more about the Security Claims Evaluation Testbed? Email us!