Learn about:

• CIP’s role in building secure systems
• CIP’s approach to implementing ongoing security measures focusing on rapid response to newly discovered vulnerabilities and maintaining the integrity of critical infrastructure.
• CIP’s adoption of the IEC-62443 standard to enhance security practices in industrial automation and control systems.

Date: Tuesday, September 3
Time: 7:00 AM PDT / 11:00 PM JST

Register today!

The post Enhancing Cyber Resilience with CIP appeared first on Civil Infrastructure Platform.

Join Us for the CIP Open TSC Meeting!

We are excited to invite you to the upcoming Civil Infrastructure Platform (CIP) Open Technical Steering Committee (TSC) Meeting. This event is an excellent opportunity for industry experts, contributors, and enthusiasts to come together, share insights, and discuss the future direction of CIP. Whether you are a seasoned participant or new to the community, your presence and input will be invaluable.

Date: 19th of September 

Time: 1:30pm – 5:00pm

Location: Austria Center Vienna, Room 0.96/0.97

Registration: To register follow the instructions on the Open Source Summit website.

The CIP project aims to establish a sustainable and secure software foundation for civil infrastructure and industrial systems. Join us to learn more about our latest achievements, ongoing work, and plans for the future. This is also effective in meeting cybersecurity requirements such as those in the recently significant EU Cyber Resilience Act (CRA).

Agenda

1. Introducing CIP in 10 minutes  (13:30-13:40, 10 minutes)

This introductory session will provide a concise overview of the CIP project. Yoshi will highlight the key goals, achievements, and the importance of the CIP project in creating a robust and secure software infrastructure for civil infrastructure and industrial applications. Attendees will gain a foundational understanding of what CIP is and why it matters.

2. WG Status Update and Future Plan

Each WG leader will present the current status, significant milestones achieved, challenges faced, and the roadmap for the future. Following these updates, we will engage in an in-depth discussion on these topics to further explore and address key issues and opportunities.

2.1 Kernel Team (13:40-14:20, 40 minutes)

The Kernel Team will discuss their efforts in maintaining and advancing the CIP kernel. This includes updates on long-term support kernels, security patches, and integration of new features. The team will also outline their future plans to ensure the CIP kernel remains stable and secure.

Break (14:20-14:30, 10 minutes)

2.2 CIP Core WG (14:30-15:10, 40 minutes)

The CIP Core Working Group will provide an update on the core components of the platform, including essential libraries and tools that form the CIP base layer. This session will cover recent releases, enhancements, and upcoming developments.

2.3 Security WG (15:10-15:50, 40 minutes)

The Security Working Group is focused on ensuring that the combination of long-term supported CIP kernels and CIP Core components comply with IEC 62443 standards. This session will cover their current activities aimed at enhancing the security posture of CIP by aligning with these internationally recognized cybersecurity standards for industrial automation and control systems. Future initiatives to achieve and maintain IEC 62443 compliance will also be discussed.

Break (15:50-16:00, 10 minutes)

2.4 SW Update WG (16:00-16:30, 30 minutes) 

This segment will focus on the software update mechanisms being developed within CIP. The team will talk about current capabilities, the importance of reliable and secure software updates in industrial systems, and future enhancements to the update process.

2.5 CIP Testing WG (16:30-17:00, 30 minutes)

The CIP Testing Working Group will present their latest advancements in testing frameworks designed to ensure the reliability and robustness of CIP components. The discussion will include automated testing strategies, new testing tools, and future testing plans.

3. Cocktail time (TBD)

— 

Please feel free to reach out if you have any questions or need further information. We look forward to your participation and a fruitful discussion at the CIP Open TSC Meeting!

The post CIP Mini Summit at ELC EU – Vienna appeared first on Civil Infrastructure Platform.

The Civil Infrastructure Platform (CIP) project has five Working Groups – Security, Kernel, Testing, Software Update and CIP Core. The CIP Core Working Group [1], which was launched in 2019, is responsible for developing, testing and maintaining tools to generate CIP Core reference file system images. We are excited to announce that the working group now supports Debian 11-based reference images. 

The CIP Core images consist of CIP kernel and Debian base systems and provide run-time environments that work with CIP reference hardware [2. ] This library of images is the foundation for CIP developers to enhance new features, test existing functions, and maintain them for the long-term. CIP users can evaluate the features with the reference images in relation to their use cases.

The isar-cip-core [3] now supports 5.10 based CIP kernel [4] and Debian 11 bullseye packages. Isar-cip-core is a set of extensions for isar (an image generation tool) to support CIP reference hardware and other features including, but not limited to, security and software updates. Debian 11 bullseye is currently the “stable” version and will be maintained by Debian project and the LTS project until June 2026. After June 2026, the Debian Extended LTS project will inherit its maintenance. The 5.10 CIP kernel is being maintained by the Linux kernel community as a long term release kernel until Dec. 2026. After this, CIP will maintain it until Jan 2031.

By supporting 5.10 CIP kernel + bullseye based CIP Core images, users can use the latest stable versions of CIP kernel and userland with all the CIP reference hardware[2], some of which are only supported by the 5.10 kernel. 

The CIP Security Working Group[5] is targeting version 5.10 CIP kernel and the bullseye based CIP image to achieve IEC-62443-4-x certification. The CIP Software Updates Working Group[6] is actively improving secure software update mechanisms by SWUpdate and secure boot and expanding devices where the features have been supported, with the latest version of CIP Core image as well as the previous.

The CIP Core Working Group plans to continue to introduce more useful features like above to the 5.10 kernel + bullseye based image and maintain them in cooperation with other working groups and related open source software communities. Contact us via the cip-dev mailing list for feedback, questions, or discussions.

The post CIP Core supports Debian 11-based reference images appeared first on Civil Infrastructure Platform.

With the recent discontinuation of the 4.4 LTS kernel by its maintainer Greg Kroah-Hartman, the CIP project now requires organized backports to one of its kernels for the first time, independently of the LTS project. The CIP kernel team already expanded its capacity last year and is well prepared to handle this task.

The CIP kernel developers will remain  involved in the review process of patches targeting related LTS kernels. CIP is actively engaged in enhancing the test infrastructure for the Linux Kernel, both through its work on the CIP SLTS Kernels and CIP’s participation in the KernelCI project.

About The Civil Infrastructure Platform (“CIP”)

The Civil Infrastructure Platform (“CIP”) is a collaborative, open source project hosted by the Linux Foundation. The CIP project is focused on establishing an open source “base layer” of industrial grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Currently, civil infrastructure systems are built from the ground up, with little re-use of existing software building blocks.

The CIP project intends to create reusable building blocks that meet the safety, reliability and other requirements of industrial and civil infrastructure. By establishing this ‘base layer’, CIP aims to:

• Speed up implementation of civil infrastructure systems;
• Build upon existing open source foundations and expertise without reinventing non-domain specific technology;
• Establish (de facto) standards by providing a base layer reference implementation;
• Contribute to and influence upstream projects regarding industrial needs;
• Motivate suppliers to actively support these platform / provide an implementation; 
• Promote long term stability and maintainability of the base layer of code; and
• Adopt the security standard IEC 62443

With respect to project governance, a Governing Board is responsible for financial matters while the Technical Steering Committee oversees the technical direction of the project.

For more information, please visit https://www.cip-project.org/

The post CIP Expands Work on SLTS Kernel Maintenance appeared first on Civil Infrastructure Platform.

Today, the Civil Infrastructure Platform (CIP) welcomes VES LLC as its newest member. VES is a small business Headquartered out of Aberdeen Proving Ground, Maryland with a focus on solving the Department of Defense’s (DoD) hardest Software Systems Integration challenges. VES is joining CIP to further their development of custom Government off the Shelf (GOTS) infrastructure solutions, integrating Mission Command systems, and prototyping emerging technologies for use in the Army and Joint tactical architecture.

The Civil Infrastructure Platform strives to create an open source “base layer” of industrial-grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Embedded systems are crucial to civil infrastructure, including within Army operating systems and across the DoD. Given VES’ area of expertise, and CIP’s mission to establish an open source “base layer” of industrial-grade software, there’s strong alignment with both CIP and VES.

“As CIP grows, it is exciting to bring in a broader array of organizations wishing to establish a Linux-based open source base layer for industrial-grade, civil infrastructure.” said Yoshitake Kobayashi, Technical Steering Committee Chair of CIP, “We are excited to have VES on board and welcome all future collaboration within the CIP community.” 

“We are very excited to join the CIP and become an integral member of an expansive network focused on open source solutions with other industry leaders.” said VES CEO, Matt Vidovich.  “Each member of our core VES leadership team brings over 17 years of open systems architecture experience across the Department of Defense, commercial, and international markets.  We look forward to expanding our relationships and impact with other stakeholders sharing the same purpose and passion on solving the toughest open source problems with enduring solutions.”

Brad Lilly, VES Chief Technology Officer (CTO) for Systems, stated “As a segment leader in custom DoD Linux Distributions, VES is committed to the ongoing security and maintainability for our customer’s systems. CIP has given us a strong base to build on, and we are excited to begin contributing back to help ensure CIP’s long term success.” 

Established in 2014, VES has specialized expertise in building GOTS versions of embedded Linux for Army operating systems needs, and in developing and deploying the Army Mission Command Infrastructure architecture.

Interested in becoming a CIP member, learn more here. 

The post VES LLC Joins CIP as a Silver Member appeared first on Civil Infrastructure Platform.

Today, CIP is thrilled to welcome IoT.bzh as the newest member of the project. The Civil Infrastructure Platform strives to create an open source “base layer” of industrial-grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Embedded systems are key to the civil infrastructure.  IoT.bzh’s expertise in IoT and embedded as well as its deep history with open source, make them a welcomed voice to the CIP Project.

“As we enter into an era of ongoing security risks to our most critical infrastructure, things like updates and security are crucial. Now, more than ever, supporting CIP means investing in the long term support and maintenance on the very foundational infrastructure we all rely on, said Yoshitake Kobayashi , Technical Steering Committee Chair of CIP. “For that, we are thrilled to have IoT.bzh as a new CIP member”

IoT.bzh, leading open source company for secured embedded systems provides redpesk®, a software factory in a white box enabling users to speed up and control embedded developments from the initial design cycle until product end of life. IoT.bzh works with developers from Industrial IoT markets (automotive, marine, military, energy, aeronautics etc) to help them focusing on the differentiating applications that bring value to their business

“We are thrilled to welcome IoT.bzh to the CIP Project. As an organization, they have great experience with helping the very audience CIP also aims to support,” said Urs Gleim, CIP Board Chair. “As members of the CIP Project, we look forward to working together.” 

Interested in becoming a CIP member, learn more here. 

The post Welcome IoT.bzh as a CIP Member appeared first on Civil Infrastructure Platform.

Today, the Civil Infrastructure Platform has multiple requirements that need to be maintained. This is where the CIP Testing Work Group (TWG) comes in. The TWG configures and manages the automated test infrastructure for the CIP project and ensures all systems are operating correctly. Currently led by Chris Paterson (patersonc), the TWG’s main focus is on maintaining the LAVA instance that the project uses. Overall, the TWG provides the infrastructure needed to test the various CIP projects such as the Super Long Term Support (SLTS) Kernels and CIP-Core reference filesystems.

The CIP project aims to provide support for the Linux Kernel for a comparatively long time. Over time the amount of testing required will keep increasing as the project grows, so it is important to have as much of that testing as automated as possible. Without automation, the cost of testing would be prohibitive.

Under the hood 

Our Continuous Integration (CI) setup is driven by GitLab CI/CD which dynamically boots up AWS EC2 on-demand instances for our build jobs using our gitlab-cloud-ci tool.

Test jobs are also created and submitted to our LAVA instance, where they are run on QEMU virtual machines and on physical devices.

The GitLab CI pipelines that we use to build/test the Kernel are hosted in a separate GitLab repository.

Currently, CIP has two LAVA master instances (production & staging) and 5 LAVA workers (Cybertrust, Denx, Mentor, Renesas & “Chris” (staging)) in use, hosting a total of 284 devices.

The current device status can be viewed at lava.ciplatform.org.

We support all of the CIP reference platforms. We are working to expand the number of devices available, increasing reference platform availability whilst reducing test times.

Testing WG and the ecosystem 

This group is a critical part of the overall CIP ecosystems, working with other CIP WGs as well as external open source projects. For example, CIP Testing works with all of the other CIP projects and working groups as most, if not all require the ability to test their software. Outside of CIP the testing group collaborates with other open source projects such as KernelCI, LAVA and Linaro’s test definitions. CIP also builds and boot tests each stable Linux Kernel release candidate in a number of different configurations.

On the Horizon

CIP has recently started work on their third SLTS Kernel, based on v5.10.y, which means that our automated testing needs to be expanded accordingly.

On the roadmap is collaborating further with the KernalCI project on testing management. The TWG is currently working with the KernelCI project to set up CIP’s own instance of KernelCI’s back/front-end. This will allow the project to better manage its testing and automatically process and check the results for any regressions. The front-end GUI that KernelCI provides is much better for reviewing test results then the setup CIP is currently using.

Get Involved

We are always happy to collaborate with others to expand and improve our setup, whether it’s upgrading the core infrastructure or simply adding support for more test cases.

Reach out to us on IRC (Freenode #cip) or via the cip-dev mailing list.

More information on the activities of the TWG can be found on the CIP Wiki.

The post CIP Testing Working Group appeared first on Civil Infrastructure Platform.

This will be the third SLTS kernel maintained by CIP for the extended time frame of 10 years. The SLTS kernels differentiate from regular LTS releases in that they accept certain hardware-enabling backports of upstream accepted changes. By having the latest kernel features and device supports, the new SLTS kernel will give a new starting point for long term support. This will benefit users who are planning to embark on new industrial-grade device developments or Board Support Package (BSP) developments.

If you are relying already on CIP SLTS 4.4 or 4.19 kernels or plan to make use of the upcoming version, please consider joining the project to ensure its sustainability and help expanding SLTS support also in the future. Being a member furthermore allows to influence the project direction, the choice of reference hardware and kernel configurations that will be supported and tested.

By starting the SLTS kernel development, CIP would be ready to align with a new Debian release which is expected in 2021. The Debian Project aims to provide Linux-based operating system, Debian, to be widely used with long-term support. This enables CIP to take advantage of their activities to achieve CIP’s goal. 

End-users of CIP include systems for electric power generation and energy distribution, oil and gas, water and wastewater, healthcare, communications, transportation, and community management. These systems deliver essential services, provide shelter, and support social interactions and economic development. They are society’s lifelines, and CIP aims to contribute to and support these important pillars of modern society. Developing the next major SLTS kernel version helps CIP continue on its goal to create an interoperable open source software platform that is secure, reliable and sustainable for at least 10 years. 

The post CIP to Embark on Kernel 5.10 Development for SLTS appeared first on Civil Infrastructure Platform.

The Open Source Summit series always provides unique opportunities to learn and connect, even when we can’t be in the same space together. We are looking forward to this year and all the ways to come together with the broader open source community. 

Interested in catching up on the latest with CIP at the event? We have you covered! Through talks, our booth, Slack, and our CIP Mini Summit, there are a variety of ways to learn more about CIP.

CIP Talks

At this year’s OSS EU, we are excited to have four CIP related talks on the schedule

• Upstream First is Our Principle – Toward Super Long-Term Support – Masashi Kudo, Cybertrust Japan Co., Ltd. & Chris Paterson, Renesas Electronics Europe

• Panel Discussion Follow-up: Do We Need an Industrial Grade Linux? – Lars Geyer-Blaumeiser, Bosch.IO; Kate Stewart, The Linux Foundation; Jan Kiszka, Siemens AG; Guy Lunardi, Collabora Limited, & Andre Barkowski, Robert Bosch GmbH

• Threat Modelling – Key Methodologies and Applications from OSS CIP (Civil Infrastructure Platform) Perspective – Dinesh Kumar, Toshiba Software India & SZ Lin, Moxa Inc

• The International Effort to Establish Open Source Base Layer of Cyber Security for IACS – Kento Yoshida, Renesas Electronics Corporation

CIP Mini Summit

The CIP Mini-Summit is a 90-minute, single-track event on the topic of industrial open source system which is based on Linux. The main goal of this event is to provide technical details and an overview to develop an industrial-grade CIP open source base layer. Sub-groups of CIP will talk about current development activities as well as future plans. Attendees will get to know how their products can leverage CIP’s SLTS(Super Long Term Support) to develop Industrial grade products.

Topics to be covered:

• State of Civil Infrastructure Platform
• CIP Kernel Team Activities towards Super Long Term Support
• Status update for testing within CIP
• CIP Security towards achieving industrial-grade security

To register for the CIP Mini-Summit, add it on to your Open Source Summit + Embedded Linux Conference Europe registration.

CIP Booth

As a sponsor of the event, we will have an event “home base” for all things CIP. Stop by our booth for more information on the project and ways to get involved.

Visit* the CIP Booth in the Sponsor Showcase

Link:https://www.accelevents.com/e/OSSELCEU2020/portal/expo/23366 

*Please note that you will need to be registered for the event as well as Accelevents to view the booth. 

If you can’t wait until Oct 26th to connect, no need to! Visit us at https://www.cip-project.org/, find us on twitter at https://twitter.com/cip_project, on LinkedIn at  and direct any membership questions to membership@cip-project.org.

The post CIP at Open Source Summit Europe 2020 appeared first on Civil Infrastructure Platform.

1. What is CIP Kernel Team (What does this team work on, what issues does it solve)

While the CIP project aims to establish an open source base layer (OSBL) of industrial grade software to enable the use and implementation of software building blocks for civil infrastructure, CIP Kernel Team is responsible for Linux kernel in OSBL to sustain industrial grade systems or devices during their life cycles.

2. What is the primary goal of this team?

The goal of the team is to provide CIP kernels with more than a ten year maintenance period by fixing versions to fulfill the required level of reliability, sustainability, and security.

3. What is the development principle of CIP?

CIP adopts the upstream first as our development principle. The “Upstream First” principle allows patch commits only if those patches are already in the upstream. By following this principle, if a desired patch is not in the upstream yet, this patch should be accepted by the upstream at first. Therefore, it may take time to introduce the desired patch to our project.

But, it enables us to share our outputs with the upstream.  At the same time, the risk of conflicts can be eliminated.

CIP is aiming to sustain target systems and devices during their life cycles which are very long by their nature. So the Upstream First principle is essential to achieve our goal. 

4. What is “Upstream First” for the Kernel Team?

For the CIP kernel team, upstreams are Linux mainline and LTS. The team collaborates with upstream projects. Before using their outputs, the team upstreams what the team has and doesn’t keep them locally. 

As marked 1, “Contribution” is our first action. Feature upstreaming is done by CIP member developers. On the other hand, the CIP Kernel Team contributes to upstream in a more general manner. The team developed open source tools in order to work on contributions effectively..

As marked 2, “Use” is the second action. The team uses LTS kernels to release CIP SLTS kernels. For those releases, automated testing plays a very important role. Therefore the  CIP kernel team is closely working with the CIP testing team.

As marked 3, “Integrate” is the third action. By integrating those SLTS kernels with CIP Core packages and additional packages, industrial systems or devices can be developed and maintained.

5. How does the team use LTS kernels?

The team uses LTS for CIP SLTS kernel bases. 

CIP SLTS kernels are based on LTS 4.4 and 4.19. The first releases of SLTS 4.19 and 4.19rt were done in 2019. The team plans to maintain them until 2029 for ten years. The first releases of SLTS 4.4 and 4.4rt were done in 2017, and likewise the team supports them for ten years till 2027.

Both LTS 4.4 and 4.19 are maintained for 6 years by the LTS project. So, the remaining 4 years will be maintained by the CIP Kernel Team.

6. How can CIP kernels be used?

By integrating the SLTS kernels with CIP Core packages and additional packages, industrial systems or devices can be developed. 

CIP refers to Debian for userland packages. If you would like to use Debian source packages, you can use Yocto/Poky as a build system. 

CIP core packages contain tens of packages which may not be sufficient for the development of end products. So, you can add necessary packages from Debian by writing recipes.

7. What has this team accomplished so far?

Currently SLTS 4.19 is released twice a month and 4.4 is once a month. SLTS 4.19-rt is once a month and 4.4-rt once every two months.

So far the team has steadily released CIP SLTS kernels by following release frequencies below. 

(as of June 7, 2020)

8. What are some future goals?

The team made major releases in 2017 and 2019. So, a major release frequency is once per two years so far. Another two years is going to pass, and Year 2021 is approaching. So, the team started to discuss new SLTS kernels.  

9. How can people get involved?

The post CIP Kernel Team: Helping CIP Sustain Industrial Grade Systems appeared first on Civil Infrastructure Platform.