Rapid growth in the intelligence and interconnectedness of embedded devices is accompanied by an upward spiral in security threats. Attacks on these devices are being perpetrated not only by the usual suspects, but by a new breed of hackers supported by organized crime, nation states, and terrorist organizations. Device developers must respond by taking a more holistic approach to device security—one that considers security issues at every layer of the development stack—from silicon to virtualization to the operating system, the network and communication stacks, and the application layer.
Securing Embedded Devices
The recent surge in embedded device development has been remarkable. Around the globe, the embedded products that control critical infrastructure are becoming intelligent, evolving from simple standalone units into complex, autonomous, connected control and monitoring systems. Today's embedded products interact not just with us, expanding our ability to communicate and share information, but with each other. They run inside smartphones; smart meters for public utilities; industrial automation controls; transportation and oil and gas systems; communication networks; and mobile medical devices that literally keep people alive. Machine-to-machine interaction, delivered by ever smaller, ever smarter components, enables new levels of sensor- and control-driven analytics, changing how businesses and governments operate.
The sheer number and autonomy of these devices are also mushrooming: one widely cited estimate puts the number of connected devices in use by 2020 at more than 50 billion. Unfortunately, the rapid growth in embedded products is accompanied by an upward spiral in security threats, and each new device on the network is potentially the next weakest link. According to McAfee, more than 55,000 new malware programs and 200,000 zombies (compromised hosts under remote control) are uncovered every day, more than 2 million malicious websites exist, and new forms of attacks and exploits arrive daily. Connected devices accelerate all of these threats.
Equally alarming, security exploits are being perpetrated by a new breed of attacker. It is no longer just smart kids trying to breach a firewall for sport. Very professional, well-funded groups, including organized crime, government agencies, and terrorist cells, are finding openings in embedded devices, and in very creative ways. They attempt to break into secured networks, access sensitive information, and alter the behavior of safety-critical systems, causing physical harm to equipment and potentially putting lives at risk. This is no longer the plot of the latest Hollywood action or science fiction movie; it could be the foundation of future preemptive cyber-warfare.
Despite ever-growing federal, state, local, and industry-specific security regulations and compliance requirements, cyber-attacks continue to succeed, as several recent high-profile cases show. In short, embedded devices have become the targets of organized crime, nation states, and terrorist organizations looking to disrupt or destroy what was thought to be highly secure, well-protected infrastructure. And the cost of a security breach in these systems can be enormous: major underpinnings of our economy and our infrastructure depend on embedded systems, and a single successful attack can jeopardize everything from critical public services to the quality of health care. Ultimately, mission-critical activities and human lives are at stake in securing embedded devices.
Addressing Evolving Security Requirements
The key to preventing the new breed of security threats is to take a complete platform perspective rather than a piecemeal, component-by-component approach to security. Embedded device developers need to consider security at every layer: the hardware platform and virtualization technology, the operating system, the network stack or other communications middleware, the data packets sent across the network, and the purpose-built applications that implement the device's function.
The first step is to conduct an end-to-end system security threat assessment that looks at security issues not just from the developer's viewpoint but from the perspective of manufacturers, operators, and end users.
At the manufacturing level, for example, security needs to become an integral part of system design, specific technology selections, application development processes, and even application management tasks such as patching and upgrades. For operators, security threats inherent in configuration or customization must be analyzed and addressed; software management, update, and provisioning processes must also be designed with security in mind. At the end-user level, the assessment should include threats the end user can introduce, such as malware (viruses, worms, and trojans), all of which can affect reliability and performance.
The security assessment must also look at potential vulnerabilities at each layer: virtualization, operating system, network stack, middleware, and application. At the virtualization or operating system layer, for example, developers need to understand how attackers typically exploit an OS. Once these vulnerabilities are understood, specific techniques can be applied to thwart the attacks.
Securing the Software Stack
The next step is to drive security protection across the device's system software stack, from silicon all the way to the application layer:
• Silicon: At the silicon level, there is an opportunity to build technologies such as hardware-assisted virtualization, trusted delivery, and trusted boot into the chip and its firmware. Trusted boot means each stage verifies the integrity of the next stage before handing over control, so a modified image never runs; hardware-enforced interface and control separation and trusted memory segments further augment the robustness of the operating system.
• Hypervisor: Virtualization can be used in unique ways to bolster security through separation. Many developers think of virtualization in terms of its enterprise use case, sharing system devices among guests. In embedded devices, however, virtualization is increasingly used to separate functions: to isolate the human machine interface (HMI) operating system from the control operating system, to isolate the physical network interface from the control operating system, and so on. This added separation within a device design can provide significant security improvements, because a compromise of one partition does not automatically give the attacker the others.
• Operating system and communications stacks: Operating system selection has become crucial for today's highly connected devices. The OS and communications stack should comply with the latest security requirements defined for the intended use. In addition, these products should be certified against market-segment security validation suites; for example, industrial control device developers should look for OS/stacks validated against the Wurldtech Achilles certification. The Achilles program assesses the network robustness of devices and platforms, certifying that they withstand a comprehensive set of malformed-traffic and protocol tests without failing.
• Applications: Applications need to be developed from the start with security in mind. They can take advantage of new technologies that aid security robustness, such as white-listing (only known-good binaries are allowed to run) or "gray-listing" (unknown binaries are flagged or restricted rather than trusted outright). Either way, developers need to design applications to strict security principles; otherwise, the applications they deliver may become back doors for malicious use.
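The trusted-boot chain in the silicon item and the white-/gray-listing in the applications item rest on the same mechanism: hash the image, look the hash up in an authenticated manifest, and fail closed when it is missing. The following is an added example that is not code from the original article or from any vendor product. It assumes an HMAC-SHA256 tag over the manifest as a stand-in for the signature a real boot ROM would verify with a public key fused into the chip, and all images, keys and manifests in it are constructed for the demonstration.

```python
"""Added example: one authenticated manifest serving both the boot chain and
runtime application control.  Not from the original article.  Assumption: an
HMAC-SHA256 tag stands in for the asymmetric signature a boot ROM would check
against a public key in OTP/ROM; every key, image and manifest is constructed."""
import hashlib
import hmac
import json

# Constructed root of trust. On real silicon this is a public key, not a secret.
ROOT_KEY = b"demo-root-key-fused-into-otp"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Serialize the manifest canonically and append an authentication tag."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def load_manifest(blob: bytes, key: bytes) -> dict:
    """Authenticate the manifest before trusting a single byte of it."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise ValueError("manifest authentication failed")
    return json.loads(body)


def verify_stage(image: bytes, manifest: dict, name: str) -> bool:
    """Trusted boot: hand control to an image only if its hash is in the manifest."""
    return hmac.compare_digest(sha256(image), manifest["stages"].get(name, ""))


def boot_chain(images: dict, signed_manifest: bytes, key: bytes) -> list:
    """Verify stages in order; stop at the first bad one (fail closed)."""
    manifest = load_manifest(signed_manifest, key)
    booted = []
    for name in manifest["boot_order"]:
        if name not in images or not verify_stage(images[name], manifest, name):
            break
        booted.append(name)
    return booted


def app_decision(binary: bytes, manifest: dict) -> str:
    """Runtime application control (assumed policy): 'allow' for white-listed
    hashes, 'block' for revoked ones, 'gray' for unknown binaries, which a
    gray-listing device would run with reduced privilege and log."""
    h = sha256(binary)
    if h in manifest["revoked"]:
        return "block"
    if h in manifest["apps"]:
        return "allow"
    return "gray"


# Constructed images: two boot stages and three application binaries.
BOOTLOADER = b"bootloader v1"
KERNEL = b"kernel v1"
APP_OK = b"hmi-app v1"
APP_REVOKED = b"hmi-app v0 (known bad)"
APP_UNKNOWN = b"third-party diagnostic tool"

MANIFEST = {
    "boot_order": ["bootloader", "kernel"],
    "stages": {"bootloader": sha256(BOOTLOADER), "kernel": sha256(KERNEL)},
    "apps": [sha256(APP_OK)],
    "revoked": [sha256(APP_REVOKED)],
}
SIGNED = sign_manifest(MANIFEST, ROOT_KEY)


def demo() -> dict:
    good = {"bootloader": BOOTLOADER, "kernel": KERNEL}
    tampered = {"bootloader": BOOTLOADER, "kernel": KERNEL + b"\x90"}  # patched kernel
    results = {
        "boot_good": boot_chain(good, SIGNED, ROOT_KEY),
        "boot_tampered": boot_chain(tampered, SIGNED, ROOT_KEY),   # halts after bootloader
        "apps": {
            "ok": app_decision(APP_OK, MANIFEST),
            "revoked": app_decision(APP_REVOKED, MANIFEST),
            "unknown": app_decision(APP_UNKNOWN, MANIFEST),
        },
    }
    # Editing the manifest after signing (here: swapping the revoked hash) must be caught.
    forged = SIGNED.replace(sha256(APP_REVOKED).encode(), sha256(APP_UNKNOWN).encode())
    try:
        load_manifest(forged, ROOT_KEY)
        results["forged_manifest_rejected"] = False
    except ValueError:
        results["forged_manifest_rejected"] = True
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of sharing one manifest check is that the root of trust established at boot carries forward: the application allow-list is only as trustworthy as the chain that loaded it, and a manifest that cannot be authenticated must be rejected before any entry in it is consulted.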
Increasing Importance of Certification
At every level, developers should be looking at ways to incorporate security design principles and associated security-certified run-time components: certified operating systems, certified network stacks, and certified middleware. Certification provides an independent validation from a trusted expert that a given component or platform meets specified standards and is conformant with specified requirements. It also provides a benchmark that can serve as a basis for comparison.
Dozens of equipment manufacturers have started to require certified assurances, driven by the growing number of government regulations now imposed in many markets on the associated devices.
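What a network-robustness certification such as Achilles actually exercises is the device's protocol parsers: the suite sends truncated, oversized and internally inconsistent frames and checks that the device keeps operating. The following added example, not code from the original article, the Achilles program, or any certified product, shows the difference on a small Modbus/TCP parser. The frame layout (MBAP header: transaction id, protocol id, length, unit id; then function code and data) follows the public Modbus/TCP specification; the test corpus and the "naive" parser are constructed for the demonstration, and the classification of outcomes is this example's own.

```python
"""Added example: a trusting Modbus/TCP parser beside a bounds-checked one,
driven by a small robustness corpus of the kind a network-robustness test
suite sends.  Not from the original article; frames are constructed."""
import struct

MBAP_LEN = 7      # transaction id(2) protocol id(2) length(2) unit id(1)
MAX_ADU = 260     # largest Modbus/TCP application data unit


class FrameError(ValueError):
    """The only exception a robust parser is allowed to let out."""


def parse_naive(frame: bytes) -> dict:
    """Vulnerable pattern: trusts the count and byte-count fields it just read."""
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    fc = frame[7]
    if fc == 0x10:                                    # Write Multiple Registers
        start, count, nbytes = struct.unpack(">HHB", frame[8:13])
        values = struct.unpack(">%dH" % count, frame[13:13 + nbytes])
        return {"fc": fc, "start": start, "values": list(values)}
    return {"fc": fc}


def parse_hardened(frame: bytes) -> dict:
    """Every length and count is validated before it drives an access."""
    if len(frame) < MBAP_LEN + 1 or len(frame) > MAX_ADU:
        raise FrameError("frame size %d out of range" % len(frame))
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise FrameError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:                      # length covers unit id + PDU
        raise FrameError("length field %d disagrees with frame" % length)
    fc, data = frame[7], frame[8:]
    if fc == 0x03:                                    # Read Holding Registers
        if len(data) != 4:
            raise FrameError("FC03 expects 4 data bytes")
        start, count = struct.unpack(">HH", data)
        if not 1 <= count <= 125 or start + count > 0x10000:
            raise FrameError("FC03 quantity %d out of range" % count)
        return {"fc": fc, "start": start, "count": count}
    if fc == 0x10:                                    # Write Multiple Registers
        if len(data) < 5:
            raise FrameError("FC16 header truncated")
        start, count, nbytes = struct.unpack(">HHB", data[:5])
        if not 1 <= count <= 123 or nbytes != 2 * count or len(data) != 5 + nbytes:
            raise FrameError("FC16 count/byte-count mismatch")
        values = struct.unpack(">%dH" % count, data[5:])
        return {"fc": fc, "start": start, "values": list(values)}
    raise FrameError("unsupported function code 0x%02x" % fc)


def build(fc: int, payload: bytes, tid: int = 1, unit: int = 1, length=None) -> bytes:
    """Assemble a frame; pass `length` to craft a header that lies about its size."""
    pdu = bytes([fc]) + payload
    if length is None:
        length = 1 + len(pdu)
    return struct.pack(">HHHB", tid, 0, length, unit) + pdu


# Constructed corpus: one valid frame per function code plus malformed variants.
CORPUS = {
    "fc03_ok": build(0x03, struct.pack(">HH", 0, 10)),
    "fc16_ok": build(0x10, struct.pack(">HHB", 0, 2, 4) + struct.pack(">HH", 0x1234, 0x5678)),
    "fc16_count_lies": build(0x10, struct.pack(">HHB", 0, 200, 4) + b"\x00\x01\x00\x02"),
    "fc16_truncated": build(0x10, struct.pack(">HHB", 0, 2, 4) + b"\x00"),
    "header_only": struct.pack(">HHHB", 1, 0, 1, 1),
    "bad_length": build(0x03, struct.pack(">HH", 0, 10), length=500),
    "garbage": b"\xff" * 300,
}


def robustness_run(parser) -> dict:
    """'ok' = parsed, 'rejected' = clean FrameError, 'crash' = any other exception,
    which on a real device would be a fault in the control task."""
    outcome = {}
    for name, frame in CORPUS.items():
        try:
            parser(frame)
            outcome[name] = "ok"
        except FrameError:
            outcome[name] = "rejected"
        except Exception:
            outcome[name] = "crash"
    return outcome


if __name__ == "__main__":
    for label, parser in (("naive", parse_naive), ("hardened", parse_hardened)):
        print(label, robustness_run(parser))
```

Run it and the naive parser reports "crash" on the lying count, the truncated frame and the header-only frame, while accepting the frame whose length field is wrong; the hardened parser never crashes and rejects every malformed frame with a single, handled exception, which is the behaviour a robustness suite is looking for.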
Clearly, it is time for a paradigm shift in embedded development, and in this case the shift begins with a fresh perspective on security: not as a bolted-on feature, but as a built-in attribute of next-generation embedded devices. Simply put, developers need to design and architect embedded products to address security challenges before they become pervasive security problems.
By taking a platform perspective to security, and by harnessing the efficiencies of cyber-security-certified components, you can cut development costs and time frames while actually decreasing overall security risks. And that’s more than a paradigm shift for embedded developers. It’s a true transformation that delivers more secure infrastructure, stronger financial results, greater peace of mind, and a better way of life.