Outlook 2012: Securing embedded devices

Device developers must respond by taking a more holistic approach to device security, one that considers security issues at every layer of the development stack – from silicon to the operating system, the network and communication stacks and the application layer. Nowhere is this opportunity more prevalent than in the world of embedded devices. The recent surge in embedded device development has been remarkable. Embedded products that control critical infrastructure are becoming increasingly intelligent, transforming from simple standalone to complex, autonomous, but connected, systems. Embedded products are interacting not just with us – expanding our ability to communicate and share information – but also with each other. Ericsson has estimated there will be more than 50billion connected devices in use by 2020. Each new device on the network is potentially the next weakest link. According to McAfee, more than 55,000 new malware programs and 200,000 zombies are uncovered every day, more than 2million malicious websites exist and new forms of attacks and exploits arrive daily. These security threats are accelerated by connected devices. Increasingly, current or former employees with access to sensitive systems and knowledge of their internal workings are causing systems to fail. Professional, well-funded groups, including organised crime, government agencies and terrorist cells, are finding security vulnerabilities through embedded devices and exploiting them, causing harm to equipment and potentially putting lives at risk, as shown in these examples. • Stuxnet, a sophisticated malware program unleashed against the Natanz nuclear enrichment site in Iran in mid 2009, was designed to infiltrate the control systems and make hidden, damaging adjustments to vital centrifuges. • In 2008, a terminated employee of Hunter Watertech used a laptop with the firm's Supervisory Control and Data Acquisition (SCADA) software and a two-way radio to issue wireless commands to the SCADA system of another firm which had decided not to hire him. He used the software to disable alarms in Maroochy Shire Council's sewage equipment and caused 800,000 litres of raw sewage to spill into local rivers. • In 1997, in perhaps the first documented successful attack on infrastructure, a hacker temporarily disabled a telephone computer servicing Worcester airport in the US, cutting communication to the control tower and preventing access to emergency services. Embedded devices have now become targets and the costs of a security breach can be enormous. The global economy and our infrastructure depend on embedded systems and, ultimately, mission critical activities and human lives are at stake if they are not secured. The key to preventing these threats new security threats is to take a platform perspective. Embedded device developers needs to consider security issues at every layer - from hardware platforms and virtualisation technologies to the operating system, packets of data being sent across the network and purpose built applications required to support device functionality. The first step is to conduct an end to end system threat assessment that looks at security issues, not just from the developer's viewpoint but also from those manufacturers, operators and end users. At the manufacturing level, security needs to become an integral part of system design, technology selection, application development processes and even application management tasks, such as patching and upgrades. For operators, security threats inherent in configuration or customisation must be analysed and addressed. Software management, updating and provisioning processes must also be designed with security in mind. At the end user level, the assessment should include threats that can be introduced by end users, such as malware, viruses, worms and trojans: all of which can affect reliability and performance. SECURING THE SOFTWARE STACK The next step is to drive security protection across the device system software stack – from silicon to the application layer. • Silicon. At the silicon level, there is an opportunity to embed technologies such as virtualisation, trusted delivery and trusted boot, into a chip's firmware to augment the robustness of the operating system. • Hypervisor. Virtualisation technologies can be used to bolster security by the use of separation. To increase security in embedded devices, virtualisation is being used more and more to separate device use, separate human machine interface (HMI) operating systems from the control operating system and to separate the physical interface from the control operating system. • Operating system and communications stacks. OS selection has become crucial for highly connected devices. The OS and communications stack should comply with the latest security requirements defined for the desired use. In addition, these products should be certified against market segment security validation suites. • Applications. These need to be developed from the start with security in mind. Applications can take advantage of technologies being developed to aid security robustness, by leveraging 'grey' or 'white' listing. Developers need to design applications with strict security principles; otherwise, the applications they deliver may be used as back doorways for malicious use. CERTIFICATION IMPORTANCE At every level, developers should be looking at ways to incorporate security design principles and associated security certified run time components: certified OSs, certified network stacks and certified middleware. Certification provides an independent validation that a given component or platform meets specified standards and is conformant with specified requirements. It also provides a benchmark that can serve as a basis for comparison. APPLICATION SPECIFIC TECHNOLOGIES Historically, security protection in the embedded space and in the application arena have been separate. However, given the increasingly connected nature of today's embedded devices, it has become a strategic imperative to deal with security threats holistically. Since embedded devices have technology requirements that differ from those of IT equipment, traditional security solutions are insufficient. With the teaming of McAfee and Wind River, embedded developers can implement security measures at all layers of the software stack, including the application layer. McAfee and Wind River can combine the concepts of white listing and 'reputation based intelligence' to deliver stronger security to embedded devices. The white listing approach – commonplace in industrial, financial, medical and enterprise data centres – focuses on allowing only the known good. By integrating these concepts with grey listing, where security threat assessment is reputation based, Wind River and McAfee can deliver a security paradigm that addresses the full range of threats. CONCLUSION A paradigm shift is needed, beginning with a fresh perspective about security – not just as a bolted on feature, but also as a built in attribute of next generation embedded devices. Developers need to architect embedded products to address security challenges before they become pervasive. By taking a platform perspective to security and by harnessing the efficiencies of cyber security certified components, development costs and time frames can be cut while decreasing overall security risks. For embedded developers, this transformation delivers more secure infrastructure, stronger financial results, greater peace of mind and a better way of life.