Cyber attacks on critical electrical systems are no longer the subject of science fiction; they are a real and growing danger. Just as the Internet has accelerated product development in many industries, it has also made it easier and less expensive to design malware. In a recent survey commissioned by McAfee and conducted by the Center for Strategic and International Studies, 80 percent of 200 IT executives in charge of security for utilities reported their organization had experienced large-scale cyber attack threats, and 70 percent said they frequently found malware designed to sabotage their systems.[1]

By building and operating a communications infrastructure according to established best practices for network security and working with proven network operators and cellular vendors, it’s possible to secure every aspect of the communications infrastructure, from locking down wireless endpoints to implementing real-time, network-wide monitoring and threat defense.

Moving management to the cloud

While top-level security is a primary consideration, the question remains regarding how best to deploy, service, and maintain a number of remote Machine-to-Machine (M2M) devices. Field technicians can only do so much, and product recalls in any industry can be crippling.

Twenty years ago, IT departments faced similar difficulties managing PCs. When it came time to install a new operating system or update application software, a trained technician would have to visit each PC in person and perform the update. It was time-consuming, costly, required several personnel, and disrupted regular work routines. But it wasn’t long before IT professionals found a better way – using a centrally located data center and managing everything remotely from the cloud. Whether an update involves the entire company or just a branch office, everything can be handled quickly and securely using the cloud. It’s a secure, scalable, and time-saving approach that lowers operating costs. Today, that same idea of cloud-based management is being used for M2M applications.

Building on the concept of over-the-air updates, which were already possible on a one-to-one basis, the next step was to scale it to the point where thousands of devices could be configured simultaneously. While this seemed simple enough at first, the issue of security surfaced, making the task at hand much more complicated than initially envisioned. Updating thousands of devices at once requires a complex interaction of several elements, including servers and other network components not directly controlled by a wireless vendor. Scaling to thousands of devices thus demanded that security risks be eliminated.

Further work led to the development of end-to-end systems such as AirPrime Management Services from Sierra Wireless. Through ownership of the portal hardware and a proprietary embedded software agent, security is ensured throughout the entire process (see Figure 1).

 

 

Securing, monitoring, and managing communication

The material being transmitted over the air often represents a company’s intellectual property and can include consumer data that must be kept private. The first step in maintaining security is to utilize field-proven technology based on industry standards such as the full IP architecture and the Open Mobile Alliance Device Management (OMA-DM) protocol. To prevent unauthorized access to the account, a one-time password (RSA key) is required. Mutual authentication ensures that the correct components are involved, confirming that the system is communicating with the right server, device, and software.

Algorithms ensure that the new software code complies with all the required security elements and presents the correct software signature. Transmission monitoring is also built into the system, so if a download is interrupted due to bad network conditions, the system automatically retries the download later. As added protection, a fallback and recovery mechanism can revert software to the previous version if an update causes problems in the customer application.

End-to-end systems allow devices to be separated into groups, using categories for function, geographic region, or any other user-defined criteria. These services provide a means to monitor and diagnose devices remotely, implement firmware and software upgrades, and transmit AT commands over the air.

The ability to send AT commands over the air allows one device or a set of devices to be configured, a configuration to be set, or a command like reset to be executed without sending a technician into the field. An AT command is processed by the embedded module at its reception during the session with the Management Services server. Once the command is executed, results are sent back to the server and can be acted on from there.

A dashboard (Figure 2) within the portal displays information on device status, configuration, and operation, providing a clear view of a device’s activity and state and monitoring parameters such as the number of SMS sent and received. More than 70 parameters relating to device operation can be tracked and monitored.

 

 

An added benefit of implementing the portal is that can be used to manage subscriptions (such as activation and billing) or assets. Depending on the application, this growth opportunity could add value to M2M deployments.

Lower costs, greater safety

End-to-end M2M management services offer companies with M2M deployments a viable, proven solution that lowers the costs of cellular M2M development and deployment as well as the costs of maintaining and upgrading devices over an extended lifetime. Systems built with expert consideration of the risks associated with managing large-scale installations help ensure the safety of sensitive corporate assets.

References

[1] Stewart Baker, Natalia Filipiak, Katrina Timlin, “In the Dark: Crucial Industries Confront Cyberattacks,” April 2011, Center for Strategic & International Studies. www.mcafee.com/us/resources/reports/rp-critical-infrastructure-protection.pdf

Jacques Suire is software project manager at Sierra Wireless.

Sierra Wireless [email protected] www.sierrawireless.com

Follow: Twitter Facebook Google+ LinkedIn YouTube