Andrew Zonenberg will describe the approach he is using to design an open source SSP21 (a secure-by-design ICS protocol) chip.
He believes the big advantage of his approach is simplicity of maintenance and minimal attack surface. It’s not a giant embedded Linux system running millions of lines of C code in hundreds of utilities and drivers, any one of which could contain bugs.
With a hardware datapath, even if there are bugs in the design, it’s very unlikely (or even impossible, if you verify the design correctly) that key material or plaintext could leak out the WAN interface à la Heartbleed.
The goal is for the system to be as simple and “forgettable” as a USB-UART dongle – with no need for patching, updating or administration of any kind after the initial setup.