White Papers

Cybersecurity and Secure Deployments

Issue link: https://resources.windriver.com/i/961752

Contents of this Issue


Page 2 of 5

CYBERSECURITY AND SECURE DEPLOYMENTS 3 | White Paper THE GROWING THREAT Sophisticated cyberattacks are proliferating globally. Today, with the expansion of the Internet of Things (IoT) and device connectivity, cyberattack targets extend beyond defense and IT to critical infrastructure, aerospace, automotive, healthcare, heavy industry, transportation, and communications—virtually any segment in which there is digital information to steal or misuse, or where there is potential for operational disruption or damage. Protecting critical systems from network-borne threats and preventing the deployment of infected systems are priorities for both government and industry. Technologies are available today that can give security engineers a considerable advantage in combatting threats. First, though, let's review the current model for cybersecurity research and development. CYBERDEFENSE: DECONSTRUCTING ATTACKS Cyberdefense refers to the effort to find ways to protect systems against attacks, including analyzing how attacks happen, how they work, how they play out over time, and their effects, as well as developing countermeasures. Understanding the nature of attacks and uncovering system vulnerabilities is critical in developing effective defense mechanisms. Defense against cyberattacks involves two primary activities: • Defense deployment: Designing and deploying a coordinated set of protection capabilities, configuring those capabilities to deliver the required protections, verifying the defenses, and maintaining the capabilities with their proper configurations. • Forensics: Investigating how an attack happens, what the attack intends to accomplish, how the intruding element behaves, and how the attack element works. Understanding the nature of an attack in detail is key to developing appropriate cyber countermeasures. Developing, deploying, and testing effective cyberdefenses in embedded devices is particularly challenging. Embedded devices typically have resource constraints such as limited compute power and processing capacity. They are often designed for a single, unique purpose and employ less widely used busses and interfaces. Setting up test labs to perform system-level cyber testing on a representative set of devices at scale poses logistical and cost challenges. It is also difficult to perform security tests on live systems without "freezing" them entirely, which is not easily accomplished since most systems need to be available at all times. In addition, there is often no backup or redundant service available. While it may be possible to shut down one hardware node and keep the rest of the systems running, this may distort system behavior and therefore not be indicative of how a security measure will perform in a real attack scenario. Testing cyberdefenses entails such techniques as fuzz testing, or automated testing that injects invalid, unexpected, or random data into a system to determine causes of system failure, and penetration testing (or "pen test"), which involves attacking a system to uncover security weaknesses, gain access to data, and take over or prevent system functions, and then reporting findings to the system owner. System operators may not even realize they are under attack. Sophisticated attacks can develop over a long period of time, with seemingly random events that in isolation seem harmless, but collectively and over time can cause damage. The cyber chase can be elusive—smart attacks may initially appear as random and simple bugs. Cyberdefense teams must develop countermeasures that are constantly active, that can detect and prevent attacks, and that report attempted attacks to the security team. Forensics is essentially a form of reverse engineering— investigators work their way backward to identify the root cause of an attack. But many sophisticated attacks are designed to prevent reverse engineering—they burrow and hide below the OS level, in the BIOS or firmware. These attacks may also delete traces of themselves so there is little left for a forensics team to find once the attack becomes exposed. In some cases, attacks can even detect whether they are being analyzed, and change behavior to avoid discovery of their true nature. INVESTIGATING ATTACKS AND DEVELOPING DEFENSES IN A VIRTUAL ENVIRONMENT So how can you perform forensics if sophisticated malware is designed to thwart attempts to investigate? How can you detect and remedy vulnerabilities in critical infrastructure systems composed of special-purpose embedded devices? How, in effect, can you become smarter than intruders?

Articles in this issue

view archives of White Papers - Cybersecurity and Secure Deployments