Civil Infrastructure Platform : Industrial-Grade Linux

Transcript

1. Civil Infrastructure Platform
   Industrial-Grade Linux
   Urs Gleim, Siemens AG, CIP Board Chair
   Yoshitake Kobayashi, Toshiba Corp., CIP TSC Chair
   September, 2023
   

   View Slide

2. CIP Leadership
   Urs Gleim, Siemens AG
   CIP Governing Board Chair
   Yoshitake Kobayashi, Toshiba Corporation
   CIP Technical Steering Committee Chair
   

   View Slide

3. Establishing an
   Open Source Base Layer
   of industrial-grade software to
   enable the use and
   implementation of software
   building blocks for
   Civil Infrastructure Systems
   

   View Slide

4. IoT today – Connecting Systems
   ● Multimodal transportation
   ● Intelligent traffic control
   ● Smart energy management
   ● Collect data to improve
   processes (cost, quality,
   speed)
   ● Minimize downtimes by
   predictive maintenance
   ● Find and rent cars via
   smartphone
   ● Monitor fleets and provide
   service
   Industry Smart City
   Connected Cars
   

   View Slide

5. Our Civilization Runs on Linux: “Hidden” Industrial IoT Systems
   Rail automation
   Automatic ticket gates
   Vehicle control
   Transport
   Power Generation
   Turbine Control
   Energy
   Turbine Control
   Building automation
   Healthcare
   Broadcasting
   Others
   Industry automation
   Industrial communication
   CNC control
   Industry
   

   View Slide

6. Civil Infrastructure has unique problems to solve:
   

   View Slide

7. Civil Infrastructure an Increasing Target of Cybersecurity Threats
   

   View Slide

8. The key challenges
   • Apply IoT concepts to
   industrial systems
   • Ensure quality and
   longevity of products
   • Keep millions of
   connected systems secure
   • Product life-cycles of decades
   • Backwards compatibility
   • Standards
   • Reliability
   • Functional Safety
   • Real-time capabilities
   • Security & vulnerability management
   • Firmware updates
   • Minimize risk of regressions
   Sustainability
   Industrial
   gradeness
   Security
   

   View Slide

9. Civil Infrastructure has unique problems to solve:
   ● Until now the corresponding industrial grade super long term maintenance has been done individually by each
   company.
   ● These systems not only have to survive for a long time, they must be “INDUSTRIAL GRADE” (robust, secure and
   reliable). And at the same time the industry will also need to catch up with the latest technology trends.
   

   View Slide

10. What is “Open Source Base Layer (OSBL)” ?
    CIP Core packages
    (tens)
    CIP kernel
    (10+ years maintenance, based on LTS kernels)
    Additional packages
    (hundreds)
    CIP Civil Infrastructure Platform Project (https://www.cip-project.org/) LTS Long Term Support
    base layer
    company-specific
    middleware and applications
    scope of a typical
    Linux distribution
    Layered Linux distribution for industrial products, utilizing and
    influencing the relevant Open Source projects:
    

    View Slide

11. Mapping CIP into the company
    OSS Open Source Software QA quality assurance SDK software development kit
    Corporate team/
    central project
    Companies/
    Divisions
    Business Units/
    Products
    Firmware Update Security Hardening Container Runtime …
    Up to 70% effort reduction achievable for OSS license clearing
    and vulnerability monitoring, kernel and package maintenance,
    application adaptation and testing for an individual product.
    “distribution“
    Kernel
    Base packages, SDK, Build chain, QA
    CIP Core
    packages
    (tens)
    Additional
    packages
    (hundreds)
    CIP Kernel
    (10+ years maintenance)
    Domain-specific
    extensions
    Domain-specific
    extensions
    …
    

    View Slide

12. CIP governance structure and projects
    (*):
    Workgroup
    CIP Projects and its scopes
    SLTS
    kernel
    1 Real-time
    2 CIP Core
    3 Testing
    4 Security
    WG(*)
    5 Software
    Update WG
    6
    Industrial
    grade
    Sustainability
    Security
    ✔ ✔ ✔ ✔ ✔ ✔
    ✔ ✔ ✔ ✔
    ✔ ✔ ✔ ✔ ✔
    Technical Steering Committee (TSC)
    Governing Board (GB)
    

    View Slide

13. Scope of activities
    User space
    Kernel space
    Linux Kernel
    App container infrastructure
    (mid-term)
    App Framework
    (optionally, mid-term)
    Middleware/Libraries
    Monitoring
    Domain Specific communication
    (e.g. OPC UA)
    Shared config.
    & logging
    Real-time /
    safe virtualization
    Tools Concepts
    Tracing & reporting
    tools
    Configuration
    management
    Device management
    (update, download)
    Functional safety
    architecture/strategy,
    including compliance w/standards
    (e.g.,NERC CIP, IEC61508)
    Standardization collaborative
    effort with others
    License clearing
    Export Control
    Classification
    On-device software stack Product development and maintenance
    Application life-cycle
    management
    Multimedia
    Security
    Safe & Secure
    Update
    6
    2
    5
    Real-time support
    CIP Core Packages
    3
    1 Super Long Term Supported Kernel (STLS)
    4 Test automation
    3 Build environment
    (e.g. bitbake, dpkg)
    1
    3
    Long-term support
    Strategy:
    security patch
    management
    

    View Slide

14. Collaborative development with other OSS projects
    Upstream
    Projects LTS
    mainline
    1
    Upstream first
    2 Use the upstream code
    3 Integrate
    CIP Open Source Base Layer (OSBL)
    Contribute, Collaborate and use by CIP
    meta-debian
    SWUpdate
    

    View Slide

15. Advantages comparison CIP vs Non-CIP distributions
    Items CIP Non-CIP
    Dedicated kernel maintainers for SLTS up to 10 years ✔ ×
    IEC-62443-4-x assessed platform ✔ ×
    Close monitoring of CVEs at user and kernel level ✔ ×
    Extended support from Debian ELTS for specific packages ✔ ×
    Regular automated testing on multiple SOCs with published test
    results on KernelCI
    ✔ ×
    Strong support from big players of embedded system industry ✔ ×
    

    View Slide

16. CIP today focuses on
    • Kernel maintenance: maintaining Linux kernels for very long time, including real-
    time support
    • Testing: providing a test infrastructure and evolve tests
    • CIP Core: a set of industrial-grade components that require very long-term
    maintenance including the required build tool chains
    • Security: Improving to have security features and to follow cybersecurity
    standards
    • Software update: Incorporate a common solution for software updates into
    CIP core
    • Collaboration: Linux, Debian, Debian LTS/ELTS, KernelCI, Real Time Linux,
    Reproducible Builds
    

    View Slide

17. Contact Information and Resources
    To get the latest information, please contact:
    Other resources
    •CIP Mailing list: [email protected]
    •Twitter: @cip_project
    •CIP web site: https://www.cip-project.org
    •CIP wiki: https://wiki.linuxfoundation.org/civilinfrastructureplatform/
    •CIP source code
    −CIP GitLab: https://gitlab.com/cip-project
    −CIP kernel: git://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
    

    View Slide

18. Questions?
    

    View Slide

19. Thank you
    

    View Slide