Security is the number one issue facing IoT deployments and must be properly addressed before broad adoption can begin. Cybersecurity has become a high priority for IT systems, yet there continue to be major security breaches, such as the hacks of major organizations including Anthem, Home Depot, the U.S. Office of Personnel Management, Sony, Target, and the French naval contractor DCNS. The threat of cyberattacks is very real; every day there are nearly 1 million new malware threats identified and millions of actual cyberattacks.
To minimize these risks and fully realize the opportunities of the IoT, a strict and reliable approach to security is essential. Different devices, systems, and industries have varying security requirements and often require a custom lens.
To complement Wind River’s product portfolio, we have introduced Wind River Helix Security Framework, a consultative services offering designed to help customers meet their IoT security needs. The offering is part of Wind River’s Professional Services business.
The Helix Security Framework provides an innovative services offering for both discovering and representing the security needs of IoT devices, as well as the entire IoT system comprised of those devices. The components of the model are based around the CIA Triad, the industry standard model to represent security, which is built around principles of confidentiality, integrity, and availability. Specifically, it offers the following services to help companies integrate security from step one and for every stage of the process:
• Security Assessment: Identification of the device assets, vulnerabilities to those assets, risks, and regulatory requirements (i.e., NIST standards and special publications, Avionics DO-355/356, Medical Device Security Disclosure, and NERC CIP-007-3a). Determination of which security implementations are to be used based on cost, performance and operational environment factors. The Security Assessment documents the security policy of the device. The Security Policy defines the security implementations used to protect the assets and defines the security audit log messages and their responses for the system.
• Information Assurance Foundation: A fully documented and complete source code solution offering that enables hardware-based security implementations that are ported to and tested on the customer’s hardware platform.
• FIPS 140-2 Certification: Integrating and testing the cryptographic module(s) and taking the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 Certification.
Wind River Helix Security Framework is equipping companies with proven strategies and technologies to secure their hardware and software, protect communication between devices and across systems, safeguard them over time, and respond quickly as new threats emerge.
For example, Elbit Systems of America, an advanced technology company, partnered with Wind River to perform a proactive security assessment on one of Elbit Systems of America’s next generation platforms for a defense customer. By applying the Helix Security Framework, Wind River identified several opportunities to further enhance the overall robust security of Elbit Systems of America’s platform for current and future requirements.
Security is embedded in Wind River’s DNA. It is part of our rich technology heritage of more than 30 years powering mission-critical systems in markets such as aerospace, defense, industrial, and medical. Security is part of our services/consultative expertise and is built into the software we provide to help companies develop trusted and reliable solutions. Our security capabilities, along with our development processes, meet rigorous security requirements across many critical infrastructure segments.
For more information on how Wind River is addressing IoT security, visit https://goo.gl/vXAZG6.
Image 1 caption – Wind River Helix Security Framework based on CIA
Image 2 caption – Information Assurance Foundation hardware-enabled security implementations