How Do Meltdown and Spectre Affect Safety Systems?

Meltdown and Spectre are hardware vulnerabilities in modern processors, publicly disclosed in January 2018. They allow data held in memory on millions of devices to be read by an attacker who can run code on the same processor. Some safety solutions, however, are not exposed to them, and no action may be required.

When details of these weaknesses were released, there was understandable concern about the implications for critical data. Confidential information on devices with Intel, AMD and ARM processors became exposed to attack. But what exactly are Meltdown and Spectre, and how can you ensure your plant remains secure?

Meltdown and Spectre Explained

Spectre and Meltdown are the names given to two families of vulnerabilities affecting almost every processor built over the last 20 years. Both exploit speculative execution together with the CPU cache. To avoid stalling, a processor executes instructions ahead of a pending check, such as the privilege check or bounds check that decides whether an access is allowed. If the check later fails, the results are discarded, but the data those speculative instructions loaded has already changed which lines are in the cache. By timing memory accesses, an attacker can read that cache state and so recover the protected data, one byte at a time.

Meltdown:

Meltdown breaks the fundamental isolation between user applications and the operating system: on an unpatched device, an unprivileged process can read kernel memory, and through it any data the operating system holds. Operating-system patches (kernel page-table isolation) close this hole at some performance cost.

Spectre:

Spectre breaks the isolation between different applications: it tricks a correctly written, bug-free program into speculatively accessing data it would never return, then leaks that data through the cache. Spectre is harder to exploit than Meltdown but also harder to defend against; it requires compiler, firmware (microcode) and operating-system mitigations, and no single patch removes it entirely.
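To make the mechanism concrete, here is a software model of a Spectre variant 1 (bounds-check bypass) leak. This is an added example, not code from the article or from any processor or controller vendor: the cache, the two-bit branch predictor, the speculation window and the memory layout (line size, array positions, the sample secret "SIL3-key") are all constructed assumptions, so the script runs deterministically anywhere. A real exploit replaces the `is_hot` lookup with a cache-timing measurement; everything else, training the predictor, flushing, calling with an out-of-bounds index and reloading the probe array, is the same sequence. The two mitigations shown are a speculation barrier (`lfence` on x86) after the check and index masking, as used in the Linux kernel's `array_index_nospec`.

```python
"""Model of a Spectre variant 1 (bounds-check bypass) leak.

Added example, not code from the original article or from any processor or
controller vendor. The cache, the branch predictor and the speculation window
are modelled in software (constructed for illustration), so the script runs
deterministically on any machine; a real attack measures cache timing instead.
"""

LINE = 64              # bytes per cache line (assumed, typical for x86)
PROBE_STRIDE = 4096    # one page per byte value, as in the original Spectre PoC

# Flat model of the victim's address space (constructed layout).
MEM = bytearray(1 << 21)
ARRAY1, ARRAY1_SIZE = 0, 16           # public array the victim may index
BOUND_ADDR = 256                      # where the bound (array1_size) lives
SECRET = 512                          # private data, never returned by the victim
SECRET_TEXT = b"SIL3-key"             # constructed sample secret
ARRAY2 = 1 << 20                      # probe array: 256 * PROBE_STRIDE bytes
MEM[ARRAY1:ARRAY1 + ARRAY1_SIZE] = bytes(range(ARRAY1_SIZE))
MEM[SECRET:SECRET + len(SECRET_TEXT)] = SECRET_TEXT


class Cache:
    """Set of resident cache lines. is_hot() stands in for a reload-time measurement."""
    def __init__(self):
        self.lines = set()

    def touch(self, addr):
        self.lines.add(addr // LINE)

    def flush(self):                   # clflush of everything the attacker cares about
        self.lines.clear()

    def is_hot(self, addr):
        return addr // LINE in self.lines


class Predictor:
    """Two-bit saturating counter for the bounds-check branch."""
    def __init__(self):
        self.counter = 0

    def predicts_in_bounds(self):
        return self.counter >= 2

    def update(self, in_bounds):
        self.counter = min(3, self.counter + 1) if in_bounds else max(0, self.counter - 1)


class CPU:
    """mitigation: 'none', 'lfence' (speculation barrier after the check) or
    'mask' (index clamped so even a speculative read stays inside array1)."""
    def __init__(self, mitigation="none"):
        self.cache, self.pred, self.mitigation = Cache(), Predictor(), mitigation

    def victim(self, x):
        """The gadget:  if (x < array1_size) y = array2[array1[x] * 4096];"""
        in_bounds = x < ARRAY1_SIZE
        # If the bound is not cached the compare resolves late, and the core
        # runs the predicted path ahead of it. Those loads change the cache
        # even though their results are discarded afterwards.
        if (not self.cache.is_hot(BOUND_ADDR) and self.pred.predicts_in_bounds()
                and self.mitigation != "lfence"):
            self._body(x)                       # speculative, result squashed
        self.cache.touch(BOUND_ADDR)
        self.pred.update(in_bounds)
        return self._body(x) if in_bounds else None   # architectural result

    def _body(self, x):
        if self.mitigation == "mask":
            x &= ARRAY1_SIZE - 1                # array_index_nospec-style clamp
        b = MEM[ARRAY1 + x]
        self.cache.touch(ARRAY2 + b * PROBE_STRIDE)   # the side channel
        return MEM[ARRAY2 + b * PROBE_STRIDE]


def leak_byte(cpu, addr):
    """Recover MEM[addr] through the cache: train, flush, mispredict, reload."""
    for i in range(8):                          # 1. train the predictor in bounds
        cpu.victim(i % ARRAY1_SIZE)
    cpu.cache.flush()                           # 2. evict probe array and the bound
    cpu.victim(addr - ARRAY1)                   # 3. out-of-bounds index; returns None
    hot = [v for v in range(256)                # 4. reload: one hot line = leaked byte
           if cpu.cache.is_hot(ARRAY2 + v * PROBE_STRIDE)]
    return hot[0] if len(hot) == 1 else None


def leak_range(cpu, addr, n):
    """Leak n consecutive bytes; None means no single probe line was hot."""
    return [leak_byte(cpu, addr + i) for i in range(n)]


if __name__ == "__main__":
    for m in ("none", "lfence", "mask"):
        print(f"{m:7}: {leak_range(CPU(m), SECRET, len(SECRET_TEXT))}")
```

Run unmitigated, the model recovers "SIL3-key" byte by byte even though `victim()` never returns anything for an out-of-bounds index. With the barrier nothing is leaked; with index masking the attacker only sees array1's own public contents, because the clamped index can never reach the secret. Note that every step needs the attacker to run code on the same processor as the victim, which is the property the following sections rely on.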

Specialist Software Provides Cybersecurity

Many modern safety controllers run their own dedicated operating system as firmware. This firmware is written solely for safety-critical applications, which keeps the code base small and the software error rate low. Crucially, Meltdown and Spectre are local attacks: the attacker must execute code on the affected processor in order to mistrain it and to time its cache. A closed controller that executes only its fixed firmware and the engineered safety application, and offers no way to load and run arbitrary code, gives an attacker no foothold from which to mount them. With no backdoors (ways of bypassing normal authentication or encryption) implemented, the program code cannot be accessed during operation.

The hardware used for SIL 3 safety solutions adds further protection. Unused Ethernet ports can be disabled or locked, and the safety instrumented system (SIS) is kept separate from the basic process control system (BPCS), as IEC 61511 and IEC 62443 require. This separation means a fault or compromise on the control side cannot become a common cause failure of the safety function.

Cybersecure Engineering Under Control

In terms of engineering, specialist safety solutions use their own single-purpose engineering software. This supports a high standard of cybersecurity, including two-factor authentication for access to project and controller data. A security administrator role and password-protected function blocks add further control. Such systems continuously monitor the application program via system variables, detect any unauthorized change and notify staff. The PC on which the engineering software runs is, however, an ordinary computer and should receive the usual operating-system patches for Meltdown and Spectre.

Finally, communication plays a key role in cybersecurity. Well-designed controllers use a proprietary protocol for controller-to-controller communication, such as SafeEthernet, and keep the protection layers of the CPU and communication (COM) modules separate. Firewalls and demilitarized zones segment the networks so that they remain independent of one another. HIMA solutions fulfil all of the above criteria and remain secure despite the emergence of Spectre and Meltdown. If you use HIMA safety solutions, you do not need to take any action.