Analysis of existing dynamic software updating techniques for safe and secure industrial control systems
Free (open access)
Volume 8 (2018), Issue 1
121 - 131
IMANOL MUGARZA, JORGE PARRA & EDUARDO JACOB
Higher interconnectivity among devices, machines, the cloud and humans is envisioned in the actual trend of automation, also known as Industrial Internet of Things (IIoT). These industrial control systems, which may require high availability and/or safety related capabilities, are no longer isolated from the corporate environment or Internet. Software updates will be needed during the product life cycle, due to the long service life, the increasing number of security related vulnerabilities discovered on these industrial control systems and the high interconnectivity desired in IIoT. These updates aim at fixing all these security weaknesses, bugs and vulnerabilities that could appear, while the required safety integrity levels are ensured. Security-related concerns have just been addressed by the safety engineering community, because of the increasing number of cyber-attacks against safety-critical systems, such as Stuxnet. Moreover, system shut-downs caused by software updates could not be plausible when high availability is required. Typically, in order to perform the software update, the whole industrial process or the production is halted, so that the software upgrade is safely applied. However, this scenario might not be applied in critical infrastructures, such as nuclear or hydro- electrical power plants, where these production and service interruptions are not acceptable from the business and service point of view. This article presents an analysis of existing dynamic software updating techniques, which may be applied for safe and secure industrial control systems. These techniques aim at updating the running code, without the need of a halt and restart, increasing the availability of the industrial system.
dynamic software updates, patches, safety, security, critical infrastructures