Embedded products are becoming ubiquitous in our world. Furthermore, they are being connected to the Internet in increasing numbers. This connectivity provides greater functionality that people want, but connectivity also leaves these same devices vulnerable to cyberattack.
Many, if not most, embedded devices connected to a network are not protected by any cybersecurity system, as is the case within an enterprise or other managed network. So, these devices must fend for themselves when it comes to cyberdefense. Even if they are within the management domain of a cybersecurity system, they still do not get the level and kind of cyberprotection that the need.
The prominent mechanism of cyberdefense in use today is based on the concept of “detect and restore”, where cybersecurity monitoring systems constantly look for adverse cyberevents on a network. Then, when a cyberattack is detected, the affected device is quarantined, the attack stopped, and the device restored to some kind of “good state”. This method was developed in the enterprise world of desktops and servers, where that kind of interruption is annoying, but somewhat tolerable. These methods are now being applied, in the same manner, to embedded systems.
In the embedded world, systems require a higher level of robustness than enterprise systems, where embedded systems must continue to operate correctly in the face of adverse conditions. Often, embedded devices are used in mission critical systems such as industrial controls, medical device, or aerospace applications. These systems can’t tolerate being compromised by a cyberattack that could lead to aberrant behavior, let alone being taken offline for restoration after such an attack.
Embedded systems usually don’t exist solely as computing systems that only process data as do enterprise systems. Instead, embedded systems usually control some physical system that produces real-world, physical effects. For instance, an infusion pump used to administer medication, needs to reliably apply the correct amount of medication at the correct rate. An error in the functioning of such a device could be fatal to the patient to which it is attached. In cases like this the traditional enterprise cybersecurity method of “detect and respond” simply does not work. In this example, the infusion pump controller could be remediated to a “good state” after a cyberattack, but what about the patient who died as a result of that attack?
The embedded system doesn’t just need monitoring for cyberattacks, it needs to be immune to cyberattack, so it can continue to perform its job uninterrupted. The embedded system developer must therefore include effective cyberdefense mechanism in their products when they are designed. Embedded systems need to be hardened to make them immune to cyberattack. That is, they must robustly, and reliably, continue to operate as planned in spite of a cyberattack directed at the system.
Most cybersecurity professionals will tell you this is not possible. Indeed, they will scoff that any such efforts are a waste of time. But they do so because of the context of their training and experience, which is in the enterprise rather than in the embedded world. Enterprise systems are fundamentally different from embedded systems, as they are typically built on general purpose machines and support a wide variety of functionality. These systems must support a wide variety of applications, data formats, and protocols do to the changing use of these systems that might see email one time, web traffic another time, and billing system data at yet a later time. This very openness and flexibility is also the source of their vulnerability to cyberattack. Embedded systems, on the other hand, are highly specialized having behavior, data types, and protocols that are highly constrained. These embedded system properties form the basis of the security of these systems.
Techniques to harden embedded systems include: constraining interfaces by limiting protocols, data types, and message rates. These also include using protected memory and read only memory for code and fixed values that can’t be changed after installation. The application of mission critical development methods also will reduce the number of allowed paths through the system and the number of defects, the latter to almost nil.
Cognoscenti Systems has embraced these cybersecurity principles for securing embedded systems in the development of its premier product, ControlMQ, which provides comprehensive communications security for controls applications that is unmatched in the field. Now embedded developers can build secure systems without needed detailed cybersecurity training or wrapping these systems with complex, expensive, labor intensive, and poorly matched enterprise cybersecurity systems.