Securing the Future of Drives

Securing the Future of Drives

By Dara O'Sullivan

In the previous blog in this series we looked at the connectivity element of the motor drive. In this final blog post in the series we will take an overview look at the final element of the conceptual block diagram, highlighted in Figure 1, the cybersecurity elements of the drive.

Figure 1: Servo Drive Architecture Diagram

Cybersecurity in motor drives is an emerging topic and is not one that historically has been of any major interest to motor drive developers. This is because in the vast majority of applications, motor drives have been completely isolated from any potential access that could lead to security issues. They were not typically connected directly or indirectly to the OT networks within a factory system or to the cloud, so the vulnerability points for unauthorised access have been very limited.

Why is the cybersecurity of motor drives becoming a topic of greater interest?

This situation has been changing primarily as a result of the increased Ethernet connectivity of most drives, as described in the last blog. Furthermore there is an increased awareness of cybersecurity vulnerabilities and the potential for malicious actors, who can bring significant reputational damage to drive suppliers if their system is compromised. Even for non-connected systems, firmware upgrade over USB is now seen as a security vulnerability for example. The other area of concern is related to IP protection. The motor drive market has become increasingly competitive and drive manufacturers want to ensure that their control software cannot be extracted from the drive memory and copied illegally.

Another pressure that is coming to bear on drive manufacturers who wish to sell their products in the EU is the Cyber-Resiliency Act (CRA). This is a legal instrument that is due to come into force sometime in 2025, and which will require every product with a digital element that is connected directly or indirectly to another device or to a network to be secure by design, and to meet a range of cybersecurity requirements, with likely standard or third-party assessment. Although the details of this instrument have not been finalised yet, there is likely to be significant penalties for non-compliance and it will effectively mean every new motor drive will have to have full cyber-security protection.

What cybersecurity features will be most important to drive manufacturers?

Cybersecurity is a very broad ranging topic with many elements to it and it can have differing values or meaning to different applications. For example, in online shopping, the need to protect private data such as credit card details as they are passed across a network is probably the most critical element in the transaction. By contrast, when a motor drive is exchanging data over a network in the course of its normal operation, generally speaking the data itself is not hugely important. This is because the data itself usually has a very short life span. Variables such as voltage, current or motor speed are typically only valid for a number of microseconds, and in themselves do not represent anything confidential at any given moment in time. So data privacy in this context in a drive – requiring a security action such as encryption -  is less important (for an easy-to-access overview of encryption check out this post). However, what can be critical is ensuring the identity of a connected element, by means of authentication.  For example, if a command is being sent to the drive, such as Start/Stop, or to change set speed – this could be from a malicious actor masquerading as a programmable logic controller (PLC), which could bring damage to the process that the drive is operating. This blog post provides a great overview of authentication and how it can be achieved.

Another important security element for drives is secure firmware update. Upgrading a drives firmware is something that can happen multiple times during its lifecycle, and can open the drive up temporarily to vulnerabilities since its entire control program is being changed. Allowing for a secure update process, and indeed a secure boot in which the update and boot images themselves can be authenticated and proven as valid, are extremely important in order to prevent corruption of the drives operation. Drives are often involved in dangerous and complex processes such as process plant operations, metal forming, centrifuges etc. so the impact of a malfunctioning drive to either inadvertent or deliberate corruption of the drives control code, or commands/parameters delivered over the network can be physically and reputationally damaging.

How can these features be implemented?

There are several different approaches to implementation of cybersecurity functions, involving a combination of hardware and software.  Analog Devices provides a range of secure authenticator and secure microcontroller products from simpler devices such as the 1-wire secure authenticator DS28E30 to secure microcontrollers such as the MAXQ1065. These products can provide simple root of trust functionality in conjunction with the main system controller, or more complete cryptographic functions to help meet the requirements of the motor drives of the future.

This blog post concludes the blog series on motor drives where we have covered everything from the AC input power stage to the controller, communications and security. Hopefully these blogs will provide a helpful introduction to the fascinating world of electronic motor control - a technology that is ever more pervasive in so many aspects of our modern world.