EdgeX Foundry and Industrial Security for the IoT Edge

This post is co-authored by Riaz Zolfonoon, an RSA Distinguished Engineer who leads the Emerging Technology group at RSA. He is responsible for strategy and technical direction for IoT. Riaz also represents RSA at IoT standards organizations and industry consortia such as IIC, OpenFog, and EdgeX Foundry. Previously, he worked on a number of security technologies such as identity management and PKI. Riaz is a co-inventor on 12 granted patents.

As we exhibit at Hannover Messe 2018 and look back on the EdgeX Foundry’s first year of operation, there is a real sense of pride in what the community has collectively achieved so far and a ton of excitement about what’s to come.

A clear path to greater IoT edge interoperability

Twelve months in, the project has a clear roadmap in place and we’re meeting our delivery commitments with the recent “California Preview” release, which has dramatically reduced our footprint through the new Go-based microservices. Net-net, we’re well on the way to living up to our goal of facilitating vendor-neutral interoperability between commercial value-add solutions at the IoT edge, regardless of underlying hardware, operating system or connectivity standards.

Growing community and commercial adoption

It’s wonderful to see growing community adoption with hundreds of developers actively working with the EdgeX code and companies starting to incorporate it into their commercial offerings. For example, IOTech has launched the first commercially-supported version of the baseline code complete with developer support. Beyond the 70 plus backing organizations and growing developer engagement, we’ve also seen the community expand in the form of university-sponsored EdgeX research efforts plus EdgeX-focused hackathons.

A focus on security

So, where to next? The big priority has to be industrial-grade security. To set some context, from a Dell perspective, we purposely didn’t include much about security in our initial code contribution that seeded the EdgeX project because we felt it was important that these features were collectively defined by the community to gain universal trust.

Global collaboration

As a result, over the last year, there has been a valuable, global collaboration within the EdgeX Foundry project between security leaders to define layer upon layer of security modules. RSA and VMware have played a big part in this effort along with fellow EdgeX member companies including Analog Devices, Beechwoods Software, ForgeRock, Mainflux, Mocana, Samsung and Thales. That work is now largely complete and the resulting APIs and reference code in EdgeX will pave the way for new commercial security innovations.

Opportunity and risk

Let’s put the importance of security in context. As we all know, the IoT promises unprecedented connectivity that equates to tremendous opportunity and considerable risk. According to Gartner, the total number of IoT endpoints will reach 21 billion units by 2020. It follows that a large enterprise could have millions of IoT sensors and actuators for functions such as building automation, smart manufacturing, logistics, transportation and so on.

Unique IoT security concerns

However, while many traditional IT endpoint security techniques still play a role for certain IoT use cases, there are several concerns unique to IoT that require innovative new approaches, such as massive scale, constrained devices, hostile locations with no physical security guarantees (for example, an unmanned wind turbine or traffic sensors in a smart city) plus, of course, legacy and brownfield deployments. Due to all these concerns, securing only the “thing” will not scale in the long term.

IoT monitoring and threat detection

RSA – a market leader in risk-based authentication and fraud detection – has recently launched RSA Labs to focus on these unique security challenges. In one of its first efforts, dubbed “Project Iris”, data scientists from RSA Labs have been using a gateway with the EdgeX Foundry platform to research the benefits of analytics and machine learning for threat detection. At Hannover Messe, RSA will join Dell to demonstrate the results of its research with the theme of the showcase being “Industrial Security for the IoT Edge”.

Security monitoring

So, how does it work? Briefly, the Iris agent, a container running on the gateway, monitors the environment and collects the relevant security events. These events are sent to Iris Cloud. The services in Iris Cloud then profile and classify the data to define the expected baseline for normal operations. As a result, Iris can monitor devices for anomalous behaviour and detect threats, such as infection, command and control, lateral movement, data exfiltration and denial of service attacks.

Data protection

Of course, in the Industrial IoT landscape, data is the primary value driver. It follows that the integrity and protection of data is critical. Addressing this concern, RSA will also present a demo, called Project Notus, featuring secure OPC-UA communication between IoT devices and a Dell Edge Gateway running EdgeX Foundry. For this demo, we have replaced the default security package for OPC-UA with an industrial-grade crypto library from RSA. For additional protection, the OPC-UA device service has also been integrated with a secure vault for protection of keys and credentials.

Upcoming release

Expect to see initial security functionality reflected in the next major EdgeX Foundry code release in June, called “California”. We are confident that this release will trigger an even bigger increase in the number of field PoCs scaling out this summer with a knock-on increase to production deployments spinning up later this year.

We’d love to hear your feedback, comments and questions. If you’re in Hannover, do come and meet us!


Meet us at Hannover Messe, April 23-27 and experience these demos at the EdgeX Foundry member area in Hall 6, Stand B17.

Learn more about the EdgeX Foundry at Hannover Messe and the full list of interactive demos available:

https://www.edgexfoundry.org/blog/2018/04/12/edgex-foundry-on-display-at-hannover-messe/

To learn more about EdgeX Foundry visit: www.edgeXfoundry.org

To learn more about Dell OEM, visit: www.dellemc.com

To learn more about RSA Labs, visit: https://www.rsa.com/en-us/research-and-thought-leadership/rsa-labs

About the Author: Jason Shepherd

Jason leads a team responsible for technology strategy, standardization, business model innovation and strategic ecosystem development within the Dell Technologies IoT and Edge Computing Solutions Division. His proven track record as a thought leader in the market is evidenced through his leadership building up the award-winning Dell IoT partner program and establishing the vendor-neutral, open source EdgeX Foundry project to facilitate greater interoperability at the IoT edge. Jason was recognized as one of the Top 100 Industrial IoT influencers of 2018 and currently sits on the board of LF Edge - an umbrella project of complementary open source efforts facilitating open edge computing. He has spent his career at both Dell and tech startups in roles spanning CTO, engineering and marketing. He holds 14 granted and 13 pending US patents.