TRUE KVM: Secure Core (Part 4/4)

The objective for the previous Part 1, Part 2 and Part 3 were to provide an introduction what we mean by relying on a Secure Core architecture for a TRUE KVM system by introducing 7 hypothesis for evaluating solutions.

These are

1. Technically, KVM systems can be separated into two technical solutions which are very close to each other in terms of system performance.
2. Commercially, open standard solutions typically offer lower cost of acquisition (larger markets provide better economies of scale).
   a. Lower capex for IP based systems.
   b. Difficult to assess, hidden operating cost during system lifetime.
   c. Some customers don´t take this total cost of ownership (TCO) into account.
3. KVM systems support a wide variety of applications with varying needs of security.
   a. Public safety and military applications.
   b. This is now expanded to include what is coined critical infrastructures (public safety, military, power and water supply, core telecommunication infrastructures).
   c. Mission critical commercial process control in nearly any industry vertical.
   d. Non mission critical commercial and governmental applications (office infrastructures with limited real-time needs).
4. Increasing number of cyber-attacks within connected IP networks (aka the Internet), generally increase the risk of wide area and large-scale network outages.
5. Most cyber-attacks exploit technical and human or process vulnerabilities and are, as such, difficult to defend against.
6. Increasing number of intelligent devices with automatic machine communication (IoT, IIoT, M2M communication, autonomous driving, etc.) increases traffic volume and mixes physical and logical network infrastructure thus increasing the overall risk of being a victim of a successful attack.
7. The discussion about technology selection is more driven by the needs of suppliers not the needs of users and customers.

In Parts 1 through 3, we addressed the first 5 and in this Part 4, we are going to continue to evaluate the next 2 hypothesis relevant for a secure operation of KVM systems.

The main objective of this part is to raise awareness to the fact that, unlike Direct Connect KVM switching systems, IP based systems require two layers to describe the infrastructure. The first layer describes the physical wiring of the network determining which network elements are directly connected to each other. The second layer describes the logical network. Since one physical connection in an IP network can handle multiple logical connections separated by traffic protocol information. Though the analogy may not be perfectly accurate, but you should think of a network schematic connecting different applications. One application may be connected via various network switches using the same wiring and network elements as another application.

Addressing Hypothesis 6 and 7

A ubiquitous protocol like IP attracts a large user base and device population. Even in critical infrastructures like electrical power grids, metering devices and smartgrid controllers will rely on IP connections to perform their duties. Shielding the operations center from malicious upstream data traffic is key. In order to remain in operational control, the control room KVM system has to remain intact and operable at all times. The firewall/gateway between the KVM operated control system and the many devices and applications is of paramount importance. Something that is extremely hard to maintain in mixed usage scenarios when for example office and process network share the same infrastructure.

While dedicated systems have a clear relationship between physical cabling network and carried payload application data, IP systems require a physical connectivity and logical separation of networks. This requires a strictly IT based thinking. Additionally, it requires legacy knowledge of the application or production process and going forward an increased sensitivity for security measures and a relentless enforcement of them.