industry news
Subscribe Now

Wind River’s Helix Security Framework services offering to prepare and protect systems, devices and communications from cyberattacks

Security is the number one issue facing IoT deployments and must be properly addressed before broad adoption can begin. Cybersecurity has become a high priority for IT systems, yet there continue to be major security breaches, such as the hacks of major organizations including Anthem, Home Depot, the U.S. Office of Personnel Management, Sony, Target, and the French naval contractor DCNS. The threat of cyberattacks is very real; every day there are nearly 1 million new malware threats identified and millions of actual cyberattacks.

To minimize these risks and fully realize the opportunities of the IoT, a strict and reliable approach to security is essential. Different devices, systems, and industries have varying security requirements and often require a custom lens.

To complement Wind River’s product portfolio, we have introduced Wind River Helix Security Framework, a consultative services offering designed to help customers meet their IoT security needs. The offering is part of Wind River’s Professional Services business.

The Helix Security Framework provides an innovative services offering for both discovering and representing the security needs of IoT devices, as well as the entire IoT system comprised of those devices. The components of the model are based around the CIA Triad, the industry standard model to represent security, which is built around principles of confidentiality, integrity, and availability. Specifically, it offers the following services to help companies integrate security from step one and for every stage of the process:

•       Security Assessment: Identification of the device assets, vulnerabilities to those assets, risks, and regulatory requirements (i.e., NIST standards and special publications, Avionics DO-355/356, Medical Device Security Disclosure, and NERC CIP-007-3a). Determination of which security implementations are to be used based on cost, performance and operational environment factors.  The Security Assessment documents the security policy of the device.  The Security Policy defines the security implementations used to protect the assets and defines the security audit log messages and their responses for the system.
•       Information Assurance Foundation: A fully documented and complete source code solution offering that enables hardware-based security implementations that are ported to and tested on the customer’s hardware platform.
•       FIPS 140-2 Certification: Integrating and testing the cryptographic module(s) and taking the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 Certification.

Wind River Helix Security Framework is equipping companies with proven strategies and technologies to secure their hardware and software, protect communication between devices and across systems, safeguard them over time, and respond quickly as new threats emerge.

For example, Elbit Systems of America, an advanced technology company, partnered with Wind River to perform a proactive security assessment on one of Elbit Systems of America’s next generation platforms for a defense customer.  By applying the Helix Security Framework, Wind River identified several opportunities to further enhance the overall robust security of Elbit Systems of America’s platform for current and future requirements.

Security is embedded in Wind River’s DNA. It is part of our rich technology heritage of more than 30 years powering mission-critical systems in markets such as aerospace, defense, industrial, and medical. Security is part of our services/consultative expertise and is built into the software we provide to help companies develop trusted and reliable solutions. Our security capabilities, along with our development processes, meet rigorous security requirements across many critical infrastructure segments.

For more information on how Wind River is addressing IoT security, visit https://goo.gl/vXAZG6.

Image 1 caption – Wind River Helix Security Framework based on CIA

Image 2 caption – Information Assurance Foundation hardware-enabled security implementations

Leave a Reply

featured blogs
Feb 23, 2018
The IEEE-SA has a policy of keeping standards active by making sure they get a cycle of updates every 10 years. Including Verilog, SystemVerilog has been going on a cycle of updates every 5±1 years since 1995. I wrote here about the updates to 1800-2009 and 1800-2012, and no...
Feb 23, 2018
What is a software GPS, what does it have to do with Tensilica DSP IP, and why would anyone care? To answer that, let's start with a quiz from the transportation industry. How many shipping containers are currently in transit around the world? It turns out that no one kn...
Feb 22, 2018
We’ve spent a good chunk of the last year building a new on-site search experience for Samtec.com. This update continues that trend with our newly released competitor cross reference search addition. Using this feature, you can access competitor cross reference data for...
Jan 19, 2018
Artificial intelligence (AI) is reshaping the way the world works, opening up countless opportunities in commercial and industrial systems. Applications span diverse markets such as autonomous driving, medical diagnostics, home appliances, industrial automation, adaptive webs...