Securing Legacy Embedded Systems in the IoT
December 06, 2016
The rapid expansion of the Internet of Things (IoT) is transforming our national infrastructure and that of the whole world.
With embedded connected devices now running the national grid, water supplies, transit systems, and more, this expansion has taken place so fast that it has badly neglected security. Even if we start installing well-secured devices today, it is not practical or even possible to retrofit or replace those already in place. Today’s IoT devices not only connect to each other and to control systems; they also form part of larger applications that absorb huge amounts of data in order to make intelligent decisions affecting vast numbers of devices and people. We can’t put the genie back in the bottle, so what do we do?
Security for legacy embedded systems is a huge problem that involves not only device manufacturers, but also application developers and end users. For example, the denial of service attack in October 2016 that took out services including Netflix, Twitter, and PayPal took advantage of a simple consumer oversight: it looked for consumer devices such as routers and webcams where users had neglected to change the default passwords and then invaded these connected devices with devastating effects.
Start with risk assessment of the connected world’s “soft underbelly”
While it is important that the design of new devices must build in security from the ground up, getting a handle on security for legacy systems will require a careful approach aimed at the software and its connectivity, which form the “soft underbelly” of this connected world. This means performing risk assessment that looks at the overall application from device to cloud with an eye to the critical components and their coupling requirements, such as those between a given device and the rest of the system. In addition, examination of the coupling requirements must look at both data and control flow. Important questions include:
- Who relies on information from that device and what does the device rely on from the outside world?
- How does the system respond to events and who can access certain elements within the devices and the system?
- If a given device comes under attack, what are the potential effects on other elements in the overall system?
Understand the distribution and levels of vulnerabilities to build a security strategy
Understanding the distribution and levels of vulnerabilities can help lead to a strategy for improving security of the overall application and system. One means might be to build in a layer that translates between newer security protocols and older protocols used by the legacy systems. While this might slow down performance somewhat, it might be a step worth taking in light of the cost of a breach. Cost is definitely a part of the overall analysis.
For example, the smart grid already has a huge number of smart meters that lack security. While it is not possible to simply replace them all, it is possible to protect the data concentrators — the edge devices — in the neighborhood through which the meters ultimately communicate with the utility. Understanding and checking the validity of the data coming from the meters can help protect other layers of the network and possibly prevent attacks from reaching vital parts of the utility.
For new devices, build in security from the ground up
At the device level, building in security means selecting a secure operating platform in terms of hardware and operating system. But this should be done with a view toward establishing a chain or route of trust for connectivity and to assure that the software is running on a secure image (firmware, device drivers, protocols, etc.) with no vulnerabilities. As noted, the device manufacturer, the OEM, and the application developer all have levels of responsibility to develop and maintain high-quality software and to assure that data is secure both at rest and in transit. Assuring this means adherence to security and coding standards for the overall application and the ability to test and verify the code with a comprehensive set of tools.
Our intelligent, connected infrastructure is here to stay—and it’s growing
It is vital that our intelligent, connected infrastructure be made as secure as possible while realizing that security is never absolute. Attention to and understanding the overall connectivity and control needs of the software supporting this interlinked world can go a long way toward making it a much safer world.