THE LINUX FOUNDATION PROJECTS
Monthly Archives

May 2026

May 27 2026

Civil Infrastructure Platform Celebrates 10 Years of Supporting Industrial Grade Linux

By Press Release

Decade of infrastructure safety for critical sectors like energy, manufacturing, and healthcare

The Civil Infrastructure Platform (CIP), a collaborative, open source project hosted by the Linux Foundation, today commemorates its 10th anniversary. Originally formed in 2016 by industry leaders in railways, electric power, and factory automation, CIP is celebrating the maturity of its industrial grade Linux development activities – including Super Long Term Support (SLTS), CIP Core, and advanced testing – as a foundational platform for global critical infrastructure.

As industrial systems face new regulatory requirements like the European Cyber Resilience Act (CRA), which mandates long-term software safety and supply chain transparency, CIP has evolved into an indispensable digital public good. By providing a certified and long-term maintained base layer, containing the Linux kernel and the most commonly used core packages, CIP allows companies to meet stringent safety requirements without the prohibitive costs and risks of building proprietary solutions.

“Ten years ago, when we declared we would support critical infrastructure with open source, many were skeptical about its continuity,” said Urs Gleim, CIP Governing Board Chair and Head of Central Research and Development at Siemens. “But today, CIP has become an indispensable foundation supporting railways and power grids worldwide, achieving against that ambitious goal set ten years ago to maintain industrial-grade open source for decades.”

Key impacts of CIP include:

  • Security Standardization: CIP significantly reduced certification costs for infrastructure companies through compliance with IEC 62443 standards.
  • Sustainable Ecosystem: By returning feedback and fixes from the industrial sector to upstream communities, CIP continues to improve the overall quality of Linux for users, agencies, and communities alike.
  • Expanding Global Collaboration: CIP brings together a cohort of global competitors across Europe, Asia, and into the Americas to jointly safeguard the security of social infrastructure.

The project’s work is critical for sectors where downtime is unacceptable and updates are difficult, such as power plant turbines, smart grid control devices, railway monitoring, traffic management systems, and advanced medical devices. In the current landscape of 2026, CIP also serves as a deterministic and safe Linux for securely running edge AI within infrastructure.

A comprehensive look at the CIP journey is available in a blog post.

For more information about CIP or project membership, please visit the CIP Project Home or join the growing developer community at CIP GitLab.

 

Supporting Quotes

“Our mission is not just to maintain code. It is to continuously provide ‘unwavering trust’ through technology in an increasingly digitized society.”

– Yoshitake Kobayashi, CIP Technical Steering Committee Chair and Assistant General Manager at Toshiba

“The collaboration between Freexian and the CIP community around Debian LTS and ELTS demonstrates how enterprises can interact with the open source community to support the long-term maintenance of critical software. By building its industrial Linux on Debian, and by funding the Debian LTS project, CIP contributes to Debian’s sustainability while addressing the real needs of long-lived industrial systems. This kind of collaboration strengthens both the critical infrastructure built on Debian and the wider open source ecosystem.”

– Raphaël Hertzog, Debian Developer and Founder of Freexian

“CIP has been a core contributor to the KernelCI project since its formation as a Linux Foundation initiative, taking long-term responsibility for stabilizing and sustaining KernelCI itself, not just using it for testing long-term supported kernels. Through this sustained collaboration, KernelCI has continued to strengthen Linux kernel quality across architectures, helping make industrial-grade Linux a practical reality.”

– Kevin Hilman, co-founder of KernelCI and CTO & co-founder BayLibre

“The collaboration between the Reproducible Builds project and CIP highlights a critical shift in how we approach industrial software. Through verifiability, CIP ensures that the open source foundation of our critical infrastructure is not only sustainable but also demonstrably secure. This commitment to transparency is vital for the trust and resilience required by critical systems over decades of operation.”

– Chris Lamb, Core Team Member of the Reproducible Builds Project

 

About the Civil Infrastructure Platform

The Civil Infrastructure Platform (“CIP”) is a collaborative, open source project hosted by the Linux Foundation. The CIP project is focused on establishing an open source “base layer” of industrial grade software to enable the use and implementation of software building blocks in civil infrastructure projects across energy, transportation, smart city, manufacturing, healthcare, and communication Infrastructure applications. CIP is supported by key members including Renesas Electronics, Siemens, Toshiba, Texas Instruments, Aronetics, CyberTrust, Hitachi, and MOXA. Visit https://cip-project.org/ to learn more.

May 26 2026

A Common Linux Base for Civil Infrastructure, Born from a Serendipitous Encounter

By Announcement, Blog, In the News

— Ten Years of CIP: From Shared Questions to a Shared Foundation —

Author: Yoshitake Kobayashi and Kazuhiro Hayashi, Toshiba

The Civil Infrastructure Platform (CIP) marks its tenth anniversary in 2026.
To reflect on this milestone, several partners—including Siemens—have shared their perspectives on why CIP was needed and what it has achieved over the past decade. As highlighted in Siemens’ contribution, CIP was built around a simple but critical idea: establishing a trusted software base for critical infrastructure and industrial systems through sustained upstream collaboration, benefiting both industry and the broader open source community.
Building on those perspectives, this article revisits how CIP came into being—and why its emergence was ultimately inevitable—from the viewpoint of Toshiba.

2014: Different Paths, the Same Question

The origins of CIP go back to before its formal launch in 2016.

In 2014, within the Consumer Electronics (CE) Workgroup of the Linux Foundation, Toshiba proposed addressing a growing challenge: how to establish a Linux-based foundation that could be trusted for long-term use in social (civil) infrastructure systems.

Systems in domains such as energy, transportation, and industrial control are expected to operate reliably over decades. Yet at the time, mainstream Linux distributions and support models struggled to meet key non-functional requirements, including long-term maintenance, reproducibility, and security. These were not abstract concerns—they were recurring issues observed in real products and field deployments.

This proposal, discussed within the Linux Foundation, outlined the need for a shared, long-term supported Linux base for civil infrastructure use cases.
Only later did it become clear that Siemens had independently reached a very similar conclusion and submitted a closely aligned proposal to the same organization during the same period. The two efforts emerged just months apart, in October and December of 2014.

What may appear as coincidence is better understood as convergence.

As civil infrastructure systems continued to digitalize, different organizations were naturally led to the same fundamental question.

2015: Making the Question Shared

These parallel efforts came together in June 2015 at LinuxCon Japan.
At that event, Toshiba and Siemens jointly presented
Applying Linux to the Civil Infrastructure.

While the name “CIP” was not yet widely used, the ideas presented there would later define the project’s direction.

The shared understanding was clear:

  • Civil infrastructure systems serve as vital societal lifelines.
  • While IT-driven technologies are increasingly adopted, critical non-functional requirements—such as functional safety, reliability, long-term support, security, and real-time behavior—remain insufficiently addressed.
  • The operating system and its foundational software should not be treated as a point of competition, but rather as a common base to be developed collaboratively.

This was not a product announcement.
It was an open articulation of shared challenges, intended to invite discussion and cooperation.
That message resonated. Over time, the ideas discussed there evolved into the CIP project.

Why CIP Was Needed: Lessons from the Field

Linux is widely recognized for its robustness. However, in real-world infrastructure systems, teams repeatedly face challenges such as:

  • Issues that occur only rarely and are extremely difficult to reproduce
  • Problems that do not appear in test environments but surface under real operating conditions
  • Accumulated local patches that make long-term maintenance increasingly complex

CIP addressed these challenges by providing a framework in which they are no longer handled in isolation, but shared and resolved collectively in collaboration with upstream communities.

A concrete example illustrates the importance of this approach.

In the CIP 4.4 RT kernel, a rare issue was identified during system startup, occurring only once every 10,000 to 20,000 boots. Although infrequent, the issue could effectively cause a kernel hang. By the time the investigation began, the kernel version had already reached end-of-life, making upstream fixes unlikely. At the same time, migrating to a newer kernel was not straightforward due to constraints related to non-functional requirements and compatibility.

Thanks to CIP’s sustained support framework, it was possible to work closely with maintainers to analyze the issue and implement a fix. The solution was applied by backporting changes from newer kernels, ensuring both technical validity and maintainability.

This case demonstrates that CIP is not simply about extending support timelines.
It provides a practical, working foundation capable of addressing real-world issues throughout the lifecycle of infrastructure systems.

What CIP Represents

CIP is more than a long-term support effort.

Its core principles—industrial-grade quality, sustainability, and security—reflect the requirements of systems that underpin society.

While specific products cannot be disclosed, CIP’s achievements are actively utilized in mission-critical environments, contributing not only to individual systems but to the broader resilience of civil infrastructure.

In recent years, its scope has expanded to include areas such as security, software updates, and Software Bills of Materials (SBOM), reflecting a shared responsibility toward long-term system integrity.

Ten Years That Were Inevitable

CIP did not begin as a fully formed initiative. Questions raised independently in 2014 were shared openly in 2015, and shaped into a collaborative project in 2016.

At its core was a common understanding: this is not an area for competition, but for cooperation.

Ten years later, CIP has become a reference point for industrial-grade open source in the civil infrastructure domain. It represents not only a technical base, but a community built on shared challenges, shared solutions, and shared responsibility.

Looking ahead, CIP will continue to play a key role in enabling safe, sustainable, and trustworthy infrastructure systems worldwide.

May 12 2026

Ten years of CIP project: From a Vision to the Industrial Gold Standard

By Blog, Events, In the News

Author: Pasquale Nieddu, Siemens

Ten years ago, Siemens together with other tech leaders like Toshiba, Hitachi, and Plat’Home decided to establish the Civil Infrastructure Platform (CIP) to overcome the longevity gap between IT and OT. This union of companies wanted to give a rolling 10-year promise of stability and was therefore ready to trade competition for collaboration.

The founders of the CIP project — and later joined by members Renesas Electronics, Texas Instruments, Codethink, and Moxa — aimed to provide an implementation for safety-critical systems based on well-established Linux components and deliver long-term support for the kernel and a base set of packages. Only collaboration between companies with know-how, experts, and the necessary budget can realize such ambitious goals. Therefore, the CIP project contributes directly to upstream projects, giving back to the community it builds on.

At Siemens our experts are actively involved to ensure that the requirements are integrated and bugs are closed in the upstream projects that are crucial – not only for the CIP project, but also to benefit the whole open source community.

But why is it so crucial for Siemens to have such a platform? A bug on a brake control system, a power grid controller, or in industrial automation could cause severe harm to people’s lives. Therefore, the goal is to have a base layer of trusted software that serves as a reliable foundation for a decade or even longer.

The Pillars of Success

To create an Open Source Base Layer (OSBL) that can be labeled ‘industrial grade’, the CIP partners decided to take the existing Long Term Support (LTS) Kernel and extend its maintenance cycles to a breathtaking ten years—the so-called Super Long Term Support (SLTS).

But a Kernel alone is not enough. To build a reproducible and working image, you need a stable set of packages, which are managed and maintained within the CIP Core Layer. This foundation is used inside Siemens as a base to provide secure and robust software update support for many products. It can be built with the amazing tool Isar – a powerful toolset to create Debian-based images from scratch. While Isar as a project stands on its own, Siemens is one of the core contributors and we take care that it keeps pace with the challenges of our time.

Security, Compliance and a Birthday Present

Nowadays, stability is only half the battle. This is where the Security Working Group (SWG), where Siemens also is active, comes into play. Its members provide the tools to meet the IEC 62443-4-2 standard. By providing the right configurations, an image built with CIP is “IEC 62443-4-2 ready.” And just in time for the 10th anniversary – as a birthday present, so to speak – the CIP achieved official certification for the IEC 62443-4-2 standard! One of Siemens Mobility’s very own products, the so called M-COM, was the technical hardware base for this certification. 

Since security is a core part of being resilient, the European Union now requires proof through the Cyber Resilience Act (CRA). The CIP directly helps Siemens fulfill our duty to provide security updates throughout the entire product lifecycle. This allows our members to stay ahead of threats without monitoring thousands of packages individually — shifting the focus from struggling with compliance to leading the market.

Putting Vision into Practice: Siemens Mobility

But where inside Siemens do we use it? One mentionable example is Siemens Mobility, where the CIP project together with Isar serve as the foundation for a hardened, long-supported in-house Linux Operating System. A secure, robust operating system is essential for the challenges of modern railway infrastructure such as the European Train Control System (ETCS), digital interlocking, or future cloud solutions. Thanks to the great cooperation within the CIP project, we can fulfill our customers’ high demands on safety and security standards in Europe and around the world.

For Siemens, this collaboration with the CIP project is a big plus as it significantly reduces the time and costs associated with certification. While the CIP provides the tools for IEC 62443-4-2 at Security Level 2 (SL-2), Siemens Mobility leverages this base to fulfill even more comprehensive requirements, reaching SL-3 for both component (4-2) and system levels (3-3).

Beyond using the platform, Siemens actively contributes to the CIP project’s ecosystem with its own projects. A mentionable example is the debsbom tool, which simplifies the creation and management of Software Bills of Materials (SBOM). By contributing to this and many other tools, Siemens is making it easier to meet the CIP project’s modern requirements.

Nevertheless, we must not forget that all of this was only possible because several market players agreed to work together as equals. They gave their employees the freedom to work on this shared project, and over time, the boundaries blurred: the employees of other companies truly became our colleagues.