Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, June 20, 2008

Threat of an embedded security disaster

For many years, embedded systems have been quietly working behind the scenes of almost all modern technologies, from automobiles to factory floors to space exploration missions.  Just as the early networked desktop PCs and servers were unprepared to address the new security implications of network connectivity, today’s embedded systems present a significant new security concern, which must be addressed immediately and systematically.  Some of the critical security issues presented by modern embedded systems are: Diverse network-connected embedded systems use combinations of custom and COTS software, the details of which are typically known only to the vendor of each embedded device, making vulnerability assessment, risk analysis, and patch management difficult.

Many other protocol implementations are built entirely from scratch, and have not benefited from years of public analysis and repeated attack, resulting in unproven protocol implementations that may be vulnerable to attack.

Even when vulnerabilities are identified, patches must be developed for each device or device family by the vendor, requiring tight collaboration between embedded software developers and the OEM’ s building devices based on the developers’ software.

Posted on 06/20