Cybersecurity, IoT, and Embedded Systems: Reducing Risk with Pen Testing

Cybersecurity burst upon the embedded systems landscape in 2016 when the infamous Mirai Internet-of-Things botnet took down major websites using hundreds of thousands of compromised IoT devices.1 Mirai was possible because IoT developers didn’t include security high on the list of design requirements for their low-cost, widely deployed products. This was a wakeup call for embedded developers, whose systems were among the first to have to coexist with Industrial IoT (IIoT) devices.

Worse, critical embedded systems proved vulnerable to cybersecurity attack sooner than anyone had expected. Shortly after Mirai a U.S. Department of Homeland Security (DHS) Cyber Security Division team demonstrated a remote hostile penetration of a Boeing 757, using off-the-shelf hardware and software that readily passed through airport security.2 And as recently as August of this year, DHS issued an alert warning of hacking vulnerabilities in Controller Area Network (CAN) data busses used on some large aircraft.3

Cybersecurity threats reach beyond aviation: automobile automation of emergency braking, collision warning, and other driver assistance technologies are already widely deployed. Building automation systems have already been subject to “cyber-ransom” attacks that cost tenants millions of lost operating hours.

To complicate things, embedded systems specifications such as DO-178C/278A, dating from 2012, barely touch on today’s cybersecurity vulnerabilities, and automotive systems have no governance at all4 , giving developers little guidance for coexisting in a mixed-criticality environment where malice may be afoot. As system complexity grows, attack surfaces between interoperating systems increase exponentially, across new bus architectures, HMI, IP networks, data protection, both at rest and in transit.

Previous Video
Powering Automation and Intelligence for Manufacturing, Robotics, and Energy
Powering Automation and Intelligence for Manufacturing, Robotics, and Energy

In the competitive global economy, the industrial market segment must make its business more agile, efficie...

Next
Modernizing Energy Production and Automating Processes
Modernizing Energy Production and Automating Processes

In an era of rising energy demand, multiple challenges confront electricity utilities, energy producers, sy...