By: Alan Grau, Icon Labs
Built-in security capabilities such as secure boot, data encryption, security protocols and authenticated logins are critical for protecting against cyber-attacks. But broader device security can be had when next-generation devices include situational awareness that integrates with a management system to report cyber-attacks, physical threats and device status.
Device Situational Awareness
When we think about security for embedded devices, most of us think about security designed to protect the device from hackers. Another aspect of security that is largely overlooked is situational awareness. Many military devices, from drones to tanks to radios, are not deployed in a fixed location. The question “Do you know where your device is?” is a serious and important one and represents a much broader view of security than that provided by today’s point solutions for embedded devices.
Situational awareness is the ability of a device to maintain information about itself and report it to a security management system or a Security Information and Event Manager (SIEM). This includes basic information such as system uptime, IP address, MAC address and device name, along with status information about the device (see Table). Device-specific information should also be included. If the device has GPS capabilities, location should be reported. For a vehicle system, information such as fuel status, speed, air temperature, engine data and tire pressure should be included. Information on any attacks detected by the security layers protecting the device would also be reported.
Situational Awareness data provides a complete view of the device status, allowing attacks to be reported to a centralized management system.
Collecting and reporting this information to a management system allows us to take a wider view of device security than was previously possible. Cyber-attacks can be detected and tracked by reporting unauthorized login attempts and firewall rule violations. Physical attacks can be detected by reporting if the device’s enclosure was opened. GPS location tracking can be used to detect a stolen device.
The engine status, tire pressure and fuel level information reported from a vehicle system can also be used to monitor for broader threats. Detecting pending problems with engine status or fuel levels of a vehicle operating in a hostile theater is a potentially critical security issue. If the vehicle fails deep in enemy territory, the security of the vehicle, along with the equipment and personnel on board, is certainly at risk.
Implementing Situational Awareness
Situational Awareness has to be delivered as an integrated part of an RTOS-based system. This requires adding software to the system that will collect information from the device, store the information, and then forward the information to a management system or SIEM either upon request or at scheduled intervals. By adding these capabilities to a new military vehicle system, the system could then directly report status information to a management system.
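The collect, store and forward steps described above can be sketched as follows. This is an added example, not Icon Labs code: the `sa_*` names, the queue size and the key=value report format are assumptions, and the transport to the management system or SIEM is left out. It shows one failure mode worth handling, a full event queue while no report can be sent, by counting overwritten events so the loss is visible to the manager.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define SA_QUEUE_LEN 4  /* hypothetical size, small so the overflow path is easy to see */
typedef enum { SA_LOGIN_FAIL, SA_FW_VIOLATION, SA_ENCLOSURE_OPEN } sa_event_type;
typedef struct { uint32_t uptime_s; sa_event_type type; } sa_event;
typedef struct {
    sa_event q[SA_QUEUE_LEN];
    unsigned head, count;
    uint32_t dropped;   /* events overwritten before they could be reported */
} sa_store;
static const char *sa_name[] = { "login_fail", "fw_violation", "enclosure_open" };

/* Store: called by the security layers. Never blocks; overwrites the oldest when full. */
void sa_record(sa_store *s, sa_event_type type, uint32_t uptime_s) {
    unsigned slot = (s->head + s->count) % SA_QUEUE_LEN;
    if (s->count == SA_QUEUE_LEN) { s->head = (s->head + 1) % SA_QUEUE_LEN; s->dropped++; }
    else s->count++;
    s->q[slot].type = type;
    s->q[slot].uptime_s = uptime_s;
}

/* Forward: build one report (on request or on a timer). Returns bytes written,
   or -1 if buf is too small, in which case the stored events are kept. */
int sa_build_report(sa_store *s, const char *device, uint32_t uptime_s,
                    char *buf, size_t len) {
    int n = snprintf(buf, len, "device=%s uptime=%u dropped=%u events=%u\n",
                     device, (unsigned)uptime_s, (unsigned)s->dropped, s->count);
    if (n < 0 || (size_t)n >= len) return -1;
    for (unsigned i = 0; i < s->count; i++) {
        const sa_event *e = &s->q[(s->head + i) % SA_QUEUE_LEN];
        int m = snprintf(buf + n, len - (size_t)n, "t=%u event=%s\n",
                         (unsigned)e->uptime_s, sa_name[e->type]);
        if (m < 0 || (size_t)m >= len - (size_t)n) return -1;
        n += m;
    }
    s->head = s->count = 0;   /* clear only after the whole report was built */
    s->dropped = 0;
    return n;
}

int main(void) {
    static sa_store s;        /* zero-initialized */
    char buf[256];
    sa_record(&s, SA_LOGIN_FAIL, 10);       /* constructed sample events */
    sa_record(&s, SA_ENCLOSURE_OPEN, 42);
    if (sa_build_report(&s, "unit-01", 60, buf, sizeof buf) > 0) fputs(buf, stdout);
    return 0;
}
```

Device-specific fields such as GPS location or fuel level would be added to the header line in the same way.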
Security alone is no longer sufficient for today’s mobile and portable devices. These devices must be able to report their status, their location and whether they have been attacked to a centralized management function. Without this reporting, you don’t really know if your device is safe.