industry news
Subscribe to EE Journal Daily Newsletter
1 + 7 =

Wind River’s Helix Security Framework services offering to prepare and protect systems, devices and communications from cyberattacks

Security is the number one issue facing IoT deployments and must be properly addressed before broad adoption can begin. Cybersecurity has become a high priority for IT systems, yet there continue to be major security breaches, such as the hacks of major organizations including Anthem, Home Depot, the U.S. Office of Personnel Management, Sony, Target, and the French naval contractor DCNS. The threat of cyberattacks is very real; every day there are nearly 1 million new malware threats identified and millions of actual cyberattacks.

To minimize these risks and fully realize the opportunities of the IoT, a strict and reliable approach to security is essential. Different devices, systems, and industries have varying security requirements and often require a custom lens.

To complement Wind River’s product portfolio, we have introduced Wind River Helix Security Framework, a consultative services offering designed to help customers meet their IoT security needs. The offering is part of Wind River’s Professional Services business.

The Helix Security Framework provides an innovative services offering for both discovering and representing the security needs of IoT devices, as well as the entire IoT system comprised of those devices. The components of the model are based around the CIA Triad, the industry standard model to represent security, which is built around principles of confidentiality, integrity, and availability. Specifically, it offers the following services to help companies integrate security from step one and for every stage of the process:

•       Security Assessment: Identification of the device assets, vulnerabilities to those assets, risks, and regulatory requirements (i.e., NIST standards and special publications, Avionics DO-355/356, Medical Device Security Disclosure, and NERC CIP-007-3a). Determination of which security implementations are to be used based on cost, performance and operational environment factors.  The Security Assessment documents the security policy of the device.  The Security Policy defines the security implementations used to protect the assets and defines the security audit log messages and their responses for the system.
•       Information Assurance Foundation: A fully documented and complete source code solution offering that enables hardware-based security implementations that are ported to and tested on the customer’s hardware platform.
•       FIPS 140-2 Certification: Integrating and testing the cryptographic module(s) and taking the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 Certification.

Wind River Helix Security Framework is equipping companies with proven strategies and technologies to secure their hardware and software, protect communication between devices and across systems, safeguard them over time, and respond quickly as new threats emerge.

For example, Elbit Systems of America, an advanced technology company, partnered with Wind River to perform a proactive security assessment on one of Elbit Systems of America’s next generation platforms for a defense customer.  By applying the Helix Security Framework, Wind River identified several opportunities to further enhance the overall robust security of Elbit Systems of America’s platform for current and future requirements.

Security is embedded in Wind River’s DNA. It is part of our rich technology heritage of more than 30 years powering mission-critical systems in markets such as aerospace, defense, industrial, and medical. Security is part of our services/consultative expertise and is built into the software we provide to help companies develop trusted and reliable solutions. Our security capabilities, along with our development processes, meet rigorous security requirements across many critical infrastructure segments.

For more information on how Wind River is addressing IoT security, visit https://goo.gl/vXAZG6.

Image 1 caption – Wind River Helix Security Framework based on CIA

Image 2 caption – Information Assurance Foundation hardware-enabled security implementations

Leave a Reply

featured blogs
Dec 11, 2017
COTS is government jargon for Commercial Off-The-Shelf. This means the government going out an purchasing commercial products that are available to anyone, not something commissioned specially by the government and unavailable to anyone else. It can be applied to anyone: Micr...
Dec 11, 2017
This time of year is typically set aside for preparation, and this year is no different. We spent November working on a couple of major upgrades to prepare for releases in 2018, one with the way we handle quotes in My Samtec, and the other with how we handle the checkout expe...
Nov 16, 2017
“Mommy, Daddy … Why is the sky blue?” As you scramble for an answer that lies somewhere between a discussion of refraction in gasses and “Oh, look—a doggie!” you already know the response to whatever you say will be a horrifyingly sincere “B...
Nov 07, 2017
Given that the industry is beginning to reach the limits of what can physically and economically be achieved through further shrinkage of process geometries, reducing feature size and increasing transistor counts is no longer achieving the same result it once did. Instead the...