PORTLAND, Ore.—Embedded system designers today optimize mainly for performance and footprint, but with the rise of Internet-enabled devices, security has become the third leg of the embedded design process. As a result, embedded design organizations are adding security specialists that can both architect and mentor on implementing best-practices to meet security requirements. This heightened focus on security in embedded systems design is expected to emerge as one of the main themes at next month's ESC Boston.
Real-time operating system (RTOS) specialist Wind River Systems Inc. (Alameda, Calif.), for instance, is collaborating with cyber-space security expert McAfee Inc. (Santa Clara, Calif.) to redefine design methodologies for embedded systems that are virtually immune to hacking. Wind River and McAfee are both owned by Intel Corp.
"For over three decades, embedded systems designers only thought about performance and footprint," said Marc Brown, vice president of tools and marketing operations at Wind River. "Today, however, security has got to be considered from the very start of any embedded design process, and there are lots of security best-practices already established."
Internet-enabled devices have already let the bad guys into cause havoc with machine-to-machine interactions among industrial automation controllers, oil and gas process control computers and environmental sensor networks, all of which are accessible today using a range of devices including smartphones, smart meters, connected automobiles and even medical implants.
Wind River recommends four layers of security, from application programmers interfaces to prevent bypassing security, to certified systems that detect corruption, to white-listed applications that won't execute malware, to encryption and user-authentication to protect data.
Many reported hacks of these devices have already accessed and damaged industrial control systems, including the Stuxnet worm which was discovered last year at the Natanz nuclear site in Iran, where it caused damage to centrifuges enriching uranium. Stuxnet gained access to the Supervisory Control And Data Acquisition (SCADA) system, which in Iran only affected its centrifuges. But SCADA systems similarly control public utilities worldwide and could cause untold destruction to power grids, for instance, if their security is not hardened.
Stuxnet was written by professionals, according to McAfee. But even amateurs are gaining access to embedded systems, according to Wind River, which cited a teenager in Poland who recently modified a television remote to control railway exchanges, causing at least one derailment that injured a dozen people. Likewise, a disgruntled Texas Auto Center employee was reported to have hacked a web-based system to remotely disable the starting mechanisms and sound the horns on 100 connected vehicles. And an infected laptop recently permitted entry into a water treatment plant in Harrisburg, Penn., allowing spyware to bypass security systems there.
As the article shows, securing embedded designs is an important activity. Hacking of these systems which were traditionally insecure is becoming more pervasive. There are resources available for developers and designers at the Intel Embedded Community: http://bit.ly/o0EJnb (Disclaimer, I work for Intel in the Embedded Communications Group.)
The recent incident of security breach into the control and SCADA system was an eye opener for the PLC/DCS and SCADA system companies. I think nobody imagined that their control system could be hacked and the PLCs will be commanded be the hacker's logic configuration. Definitely, security will be the hot topic for the embedded system engineers going forward.
Larry is absolutely right. But at least recognizing that there is a security issue and taking action to do something about it is a step in the right direction. Hopefully we'll see more rigorous steps soon.
Years ago we worked with a vendor of credit card authorization boxes, the kind used by retail outlets. They not only hardened against the kind of weaknesses described here, but also guarded against cracking open the case and externally sensing credit card numbers or PINs. Embedded systems may also require physical security guards.