Hardware Security for Critical Infrastructures - The CIPSEC Project Approach

As the new trend for smart devices becomes a reality, critical infrastructure (CI) systems are equipped with new toolsets from the information technology domain and move from secluded, closed systems to interconnected infrastructures that communicate directly or indirectly with highly insecure networks (eg. Internet). This transition enables a wide range of cyber-security attacks that can harm both CI Operation Technology (OT) and Information Technology (IT) systems. CIPSEC project consolidates European Union's continuous effort to mitigate the problem by bringing together different security/cyber-security solutions from various providers and integrating them into a unified framework that can be installed on top of a CIS to enhance its security. In this paper, we describe that CIPSEC framework concept, focusing on the CIPSEC hardware component by proposing a CIS Hardware security module (HSM) capable of providing strong cryptography and security services to CI devices. The proposed design approach is described and the mechanisms of mitigating hardware and software attacks on the HSM are sketched so as to achieve a high trust level on the proposed design.