sb-nz logo
Story image

Revealed: Best practices for embedded systems in a world of cyber attacks

The Trusted Computing Group (TCG) today released its latest guidelines and best practices for software and firmware updates for embedded systems, in response to the rapid advancement of cybersecurity for embedded systems and the Internet of Things (IoT).

Firmware and software updates are of increasing importance, says TCG. Attackers constantly target the firmware and software in embedded systems, such as appliances and connected door locks, searching for vulnerabilities to exploit in order to establish a permanent foothold on the device. 

As a result, designers of embedded systems (ordinary items with an embedded computer) must be prepared to deliver firmware and software updates that customers must promptly install to ensure these connected devices remain secure.
 
By following best practices for a regularly updated embedded system, manufacturers can keep their products secure throughout the lifetime of the products, not just when they are purchased. 

As a result, manufacturers can avoid bad publicity, recalls and other problems caused by infected machines.
 
“The state-of-the-art in information security is advancing rapidly and this is even more true for embedded systems security,” said TCG chair of embedded systems workgroup Steve Hanna.

“We must constantly raise the bar in the way that we build and maintain these systems so the defenders can stay ahead of the attackers.”
 
Driven by functionality, convenience and profit for both the manufacturer and the user, network-enabled embedded systems (IoT) are found in an ever-widening number of smart applications and platforms, including automobiles, household appliances, industrial systems and medical equipment. 

Increasing network connectivity in such devices allows for advanced feature sets, increased awareness and response and faster patching and updating of system firmware and software. 

However, this network connectivity also results in new threats and potential issues that never previously existed in platforms.
 
The Stuxnet virus in 2010 that compromised programmable logic controllers (PLCs) used in the Iranian nuclear program is a prime example of the scale of an attack that can occur if embedded systems are not secure. 

A similar attack was also successful against the Ukrainian power grid in 2015, resulting in temporary power loss for 225,000 individuals. 

Both incidents illustrate the potential impact of cyberattacks against embedded systems in critical infrastructure and both took advantage of weak software update mechanisms.

“As we put greater trust in things like autonomous cars, smart homes and healthcare sensors, we need to take steps to make sure connected devices are tightly secured to protect them from data breaches and hackers,” says Hanna. 

“Over the years, TCG has developed a range of technologies to address the challenges faced by the industry, resulting in widely deployed, proven solutions. 

“These open standards are the ideal option for delivering the security needs for embedded systems as we move towards a world where everything is connected.”

Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Got crypto? Pay tax – A quick look at IR's new crypto-asset guidance
Inland Revenue's new guidance aims to provide more certainty for New Zealand taxpayers who hold crypto-assets, and to help people ‘get things right from the start’.More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More