Introducing CIP in 10 minutes

Yoshitake Kobayashi

September 19, 2024

Transcript

  1. Our Civilization Runs on Linux®: “Hidden” Industrial IoT Systems

    • Transport: Rail automation, Automatic ticket gates, Vehicle control
    • Energy: Power Generation, Turbine Control
    • Industry: Industry automation, Industrial communication, CNC control
    • Others: Building automation, Healthcare, Broadcasting

    Linux is a registered trademark of Linus Torvalds.
  2. Establishing an Open Source Base Layer of industrial-grade software to enable the use and implementation of software building blocks for Civil Infrastructure Systems
  3. The key challenges

    • Apply IoT concepts to industrial systems
    • Ensure quality and longevity of products
    • Keep millions of connected systems secure

    Sustainability
    • Product life-cycles of decades
    • Backwards compatibility
    • Standards

    Industrial gradeness
    • Reliability
    • Functional Safety
    • Real-time capabilities

    Security
    • Security & vulnerability management
    • Firmware updates
    • Minimize risk of regressions
  4. What is “Open Source Base Layer (OSBL)”?

    Layered Linux distribution for industrial products, utilizing and influencing the relevant Open Source projects.

    Diagram labels:
    • Company-specific middleware and applications
    • Additional packages (hundreds)
    • CIP Core packages (tens)
    • CIP kernel (10+ years maintenance, based on LTS kernels)
    • CIP Open Source base layer
    • Scope of a typical Linux distribution

    Abbreviations:
    • CIP: Civil Infrastructure Platform Project (https://www.cip-project.org/)
    • LTS: Long Term Support
  5. Mapping CIP into the company

    Up to 70% effort reduction achievable for OSS license clearing and vulnerability monitoring, kernel and package maintenance, application adaptation and testing for an individual product.

    Diagram labels:
    • Organizational levels: Corporate team / central project; Companies / Divisions; Business Units / Products
    • “Distribution”: Kernel, Base packages, SDK, Build chain, QA
    • CIP Kernel (10+ years maintenance)
    • CIP Core packages (tens)
    • Additional packages (hundreds)
    • Firmware Update, Security Hardening, Container Runtime, …
    • Domain-specific extensions, Domain-specific extensions, …

    Abbreviations:
    • OSS: Open Source Software
    • QA: quality assurance
    • SDK: software development kit
  6. Scope of activities

    Diagram labels (callout numbers omitted):
    • On-device software stack
    • Product development and maintenance
    • User space; Kernel space; Linux Kernel
    • App container infrastructure (mid-term)
    • App Framework (optionally, mid-term)
    • Middleware/Libraries
    • Monitoring
    • Domain Specific communication (e.g. OPC UA)
    • Shared config. & logging
    • Real-time / safe virtualization
    • Multimedia
    • Security
    • Safe & Secure Update
    • Real-time support
    • CIP Core Packages
    • Super Long Term Supported Kernel (SLTS)
    • Tools; Concepts
    • Tracing & reporting tools
    • Configuration management
    • Device management (update, download)
    • Functional safety architecture/strategy, including compliance with standards (e.g., NERC CIP, IEC61508)
    • Standardization collaborative effort with others
    • License clearing
    • Export Control Classification
    • Application life-cycle management
    • Test automation
    • Build environment (e.g. bitbake, dpkg)
    • Long-term support Strategy: security patch management
  7. Activities in CIP Project

    Table columns: Workgroup; Mission; Industrial grade; Sustainability; Security

    Kernel Team
    • Providing CIP kernels with 10+ years maintenance period
    • Work with RT Linux project to upstream Real-time enhancement
    • Provide CIP SLTS kernel with real-time enhancement

    CIP Core
    • Provide a reference implementation with Debian based CIP core packages for testing

    CIP Testing
    • Providing a test environment to test the CIP kernel and CIP Core

    Security
    • Provide guidelines and reference implementations to help developers to meet cybersecurity standard requirements (IEC62443)

    SW update
    • Incorporate a common solution for software updates into CIP core
  8. CIP SLTS kernel development (Upstream first development)

    [Timeline figure, 2020 to 2033. Rows: LTS 4.4, 4.19, 5.10, 6.1 and CIP SLTS 4.4, 4.19, 5.10, 6.1. Phase labels: “Upstream First”, “Self-maintenance”, “Maintained by the LTS Project”. Marker: “We are here”. Next SLTS: 6.12.]
  9. Security working group’s activity to meet IEC62443-4

    Provide guidelines and reference implementations to help developers to meet cybersecurity standard requirements (IEC62443-4)

    • IEC62443-4-1: Assessment concluded
    • IEC62443-4-2: Assessment in progress
  10. Conclusion

    • Our Civilization needs an Open Source Base Layer of industrial-grade software
    • Industrial-grade OSBL enhances sustainability and cyber resilience for your products and services
    • IEC62443-4-x compliant platform with Long-term support
    • Constantly striving to incorporate latest security features and updates
    • Engagement with multiple security focused open-source projects
    • CIP follows open source and upstream first principles

    Collaboration is the key to sustainable living
  12. Contact Information and Resources

    To get the latest information, please contact:
    • CIP Mailing list: cip-dev@lists.cip-project.org

    Other resources
    • X: @cip_project
    • CIP web site: https://www.cip-project.org
    • CIP wiki: https://wiki.linuxfoundation.org/civilinfrastructureplatform/
    • CIP source code
      - CIP GitLab: https://gitlab.com/cip-project
      - CIP kernel: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
  13. Trademarks

    • Linux Foundation is a registered trademark of The Linux Foundation.
    • Linux is a registered trademark of Linus Torvalds.