Joerg Borchert, vice president of chip card and security ICs at Infineon Technologies North America, will take the stage at ESC Boston later this month to deliver a message to embedded systems designers: you are in an arms race with potential attackers.
Borchert, who will deliver a keynote address at the conference on Sept. 27, said he will provide details about what types of attacks can be done physically to microcontrollers today, based on his experience in microcontroller security, and talk about some of the ways embedded systems designers can go about mitigating risk. But while Borchert is a proponent of certain techniques, he stresses that no approach to security is bulletproof.
Borchert said his talk will touch on two prominent cyber attacks against embedded systems that resulted in physical damage. The most prominent of these is the Stuxnet computer worm, believed to have been created by elements of Israeli defense forces with possible involvement by the U.S., which caused significant damage to Iran's nuclear program. The second attack Borchert plans to touch on is an alleged 1982 attack on a natural gas pipeline in the Soviet Union which resulted in an explosion (some dispute exists about whether this attack, allegedly orchestrated by the U.S. Central Intelligence Agency, actually occurred). Both attacks used vulnerabilities in supervisory control and data acquisition (SCADA) systems, which control a lot of infrastructure worldwide, Borchert said.
Assuming that the 1982 attack actually occurred, we've been living for 30 years in an era when cyber attacks have the potential to inflict actual physical sabotage on equipment, Borchert said.
"Stuxnet is something which used a controlled system which was in place for quite some time," Borchert said. "We have lived under the impression that the industrial control systems are detached from the PC world and are pretty controllable. As has been proven in the past five to six years, this is not the case. Designers have to think about how to mitigate possible attacks in their systems."
Borchert stressed that designers must obviously consider the risks involved with potential attacks on their systems when implementing security. "If the washing machine controller is getting attacked, I would say that the risk is relatively limited," he said. "If we are talking about control systems for water supply or gas supply, then it is a different equation."
One relatively straightforward approach to mitigating potential attacks is to incorporate security controllers, which act as a kind of watchdog, overseeing the system's integrity when it's in operation, Borchert said (Infineon markets security controllers). But he stressed that such ICs, while mitigating risk, are not a magic bullet. Embedded systems can be in operation for 20 years or more, and technology is always evolving, he said.
"There is no absolute security," Borchert said. "We are in a race with attackers."
Borchert classifies attackers in four different classes—students, IP companies who identify system vulnerabilities in order to sell IP, organized crime, and state-sponsored attackers. Of these, the second two are the ones to worry about, Borchert said. "We are in a constant arms race with attackers," he added.
Though the sophistication of attacks is constantly increasing, Borchert believes that by making embedded systems security upgradable, it is possible to design them to remain at relatively low risk of attack even if they will be in service for more than two decades.
"The principles of attack basically stay the same," Borchert said. "If you apply computer security principles and take embedded software into consideration, you have a chance to stay ahead of the game."
ESC Boston, the East Coast version of the embedded world's twice-yearly event, will take place Sept. 26 through 29 at the Hynes Convention Center in Boston.