IoT devices and networks are proliferating at an amazingly rapid pace fuelled by post-COVID’s economic recovery and capital investment. However, this proliferation is expanding the threat surface, and exposing the edge of our networks to a significantly greater risk of cyberattack. As the popularity of the IoT increases, a growing number of critical infrastructure and systems are being targeted because of their high value to attackers (i.e., can extract large ransomware payments). The results are devasting: breaches of Personal Identifiable Information (PII) data, financial impact, compromises of physical safety, and even complete shutdown of factories and critical infrastructure. The experts’ consensus is that developers should regard attacks as inevitable and plan to put pre-emptive and responsive cybersecurity systems in place, in addition to preventative ones.
Recognizing the risk of malicious attacks, the US Department of Commerce’s National Institute of Standards and Technology (NIST) released draft guidelines (Recommendations for Federal Vulnerability Disclosure Guidelines) in June this year.
NIST is working with other government agencies, including the Department of Defense and the Department of Homeland Security, to receive and disseminate IoT cybersecurity vulnerabilities to government agencies and the public.
According to the authors: “Reporting known or suspected security vulnerabilities in digital products is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities”.
Cyberattacks can take many forms and target both system hardware and software. These attacks range from malware software that can access a network to gather data or disrupt operations, to hardware attacks that can cripple networks as they attack data processing and/or computational performance.
Begin at the Beginning
In new product design, the recommended approach is to define cybersecurity requirements and strategy during initial product requirement definitions. Once these are defined, the lifecycle of the product should also be a consideration: how will it be used, how will its use evolve over time, and how will it be retired at the end of its life so it’s secrets are not exploited to compromise operational systems? Next, developers need to consider how vulnerabilities will be addressed in the field. Flexible software updates are required to allow for updates that accommodate changes for both working practices and to incorporate security updates that remediate newly identified vulnerabilities, with minimum downtime. Different products and application cases will vary depending on connectivity and the risks involved. The old ‘sneaker net’ is still in wide use in some industries to update equipment but with ever-increasing connectivity and security protocols, secure remote updates should be strongly considered upfront. Maintenance of a secure and updatable fleet of devices is ideal.
WINSYSTEMS’ ecosystem of partners is able to provide security controls for protection and secure updates via toolchains, libraries, and security patches. For example, partner BG Networks has a Security Automation Tool BGN-SAT, which can be used to implement security controls, such as secure boot, encryption, authentication, and generation of keys, in a fraction of the time. There is no complex cybersecurity coding required, meaning that it can be used by embedded design engineers, even if they do not have any cryptographic expertise.
BGN-SAT can be integrated with software that the company has made available as open-source code called BGN-ESSA (Embedded Software Security Architecture) to extend a hardware root of trust to higher layers of the software stack and to integrate an Over-The-Air (OTA) software update manager. OTA updates are delivered via the open-source Mender.io project’s server with automated deployment across all connected Linux devices. Applications on the device continue to run as the device is rebooted.
Hardware Protection
There are many tools an embedded developer can use to protect hardware within the IoT and at the Edge, which can be particularly vulnerable. For example, they can employ unique, cryptographically secure identifiers which are used to authenticate the validity of a device requesting access. There are methods to protect access to secrets such as encryption keys that unlock encrypted data or developers can partition the processor to create protected areas that store and shield data within them. An example of this is TPM 2.0, which protects secure identifiers, encryption keys, and other sorts of data from hackers using remote networked-based, local logical interface, and side-channel attacks. These TPM devices can be configured so that the secrets they contain cannot be extracted.
WINSYSTEMS’ broad ecosystem of partners also means that embedded boards integrated within the Industrial IoT can be populated with trusted hardware and deployed with confidence around a network or infrastructure.
For example, the industrial Pico-ITX Single Board Computer (SBC), the IPX-P-C444 has on-board TPM 2.0 and secure boot functionality. The SBC is based on NXP’s i.MX8M application processor which is enabled with Arm’s TrustZone embedded security technology. TrustZone sets up a secure environment, in addition to the environment that applications run in, on a single processor core. It physically allocates and isolates parts of the processor memory, peripherals, and other resources so that cryptographically sensitive operations, such as encryption run securely. In addition, the processor’s cryptographic hardware accelerators can encrypt communications and data at rest, which further strengthens the security of industrial embedded systems and operations.
Another SBC, the SBC35-427, is based on the Intel Atom Apollo Lake-I E3900 processor which integrates TPM 2.0. The SBC’s BIOS is AMI-UEFI (Unified Extensible Firmware Interface), which supports secure boot to ensure the bootup process is valid, has not been affected by malware, and ensures the process starts with and can always be reset to a secure starting state.
Another module is the COMeT10, which is also based on the Intel E3900 processor. The industrial COM Express Type 10 Mini module is Linux, Windows 10 and x86 OS-compatible and supports custom-configurable UEFI-based AMI BIOS for secure boot.
Plan and Prepare
Cyberattacks are omnipresent and any weaknesses will eventually be exploited by malicious and unscrupulous hackers to disrupt operations or compromise networks.
Design must begin with the premise that a cyberattack will be attempted and proper security strategies must be employed and maintained. There are many areas to consider when designing for an industrial embedded system, not least the expected application and life cycle to consider how malware or denial of service can affect operation.
Checking and verifying identity or authenticated use is one route. Isolating and protecting hardware areas and their contents is another. Design precautions should be combined with continual vigilance so that vulnerabilities can be identified and resolved or secured with updates and fixes – all with minimal interruption to operation.
As the NIST guidelines show, comprehensive protection takes a concerted effort from many agencies and specialist engineers working together. In addition to a proven track record in providing highly reliable and secure embedded solutions, WINSYSTEMS has developed an ecosystem, with industry leaders, like BG Networks. The pairing seamlessly integrates software development tools and cybersecurity features into a single, comprehensively secure and reliable system, designed to meet a wide range of industrial application needs.