As President Biden’s administration begins its push for $2.9 trillion of investment in critical infrastructure (such as the energy grid, nationwide communications networks and transportation networks) and with the recent news of the devastating DarkSide ransomware attack crippling the Colonial Pipeline in the East Coast, the vulnerability of both existing and proposed systems to malicious actors is once again a hot topic. Indeed, given recent attacks on existing infrastructure, the cybersecurity of embedded systems built into critical infrastructure is perhaps even more crucial than their physical security.
Defending against exploits of such massively interconnected device networks presents a substantial challenge for device developers, code developers, and cybersecurity experts. Operators must monitor embedded systems not only to ensure proper device operation and continuously check for malicious activity. Unidentified faults leading to device failures, whether due to hardware failures or criminal attacks, potentially have large-scale and devastating effects.
Building the most robust and defensible infrastructure requires implementing systems that assess reliability of embedded devices at every level – hardware, firmware, and software. In this article, we look at advances in cybersecurity efforts for the applications that control infrastructure IoT devices and how trends in application performance monitoring affect the design of embedded systems.
Critical infrastructure versus IT infrastructure
Security concerns about the IoT in critical infrastructure are far-reaching, as new infrastructure investments will add millions of embedded connected devices that must be monitored and protected. Every new embedded system and every connection it makes represent an opportunity for an attack.
Figure 1. As millions of embedded connected devices are created, security concerns will become more pronounced as there are now many more devices that must be monitored. (Source: freepik)
Critical infrastructure is unfortunately a vague term. To avoid confusion, let’s define our definitions. The OT, or Operational Technology, refers to the physical hardware that is used to help monitor devices and control any physical processes. The IT, or information technology, refers to the software used to process information within those devices. But the lines between the OT and the IT have increasingly become blurred as the physical world is brought online. The term IoT has been used to refer to this phenomenon.
IT infrastructure is also unquestionably critical to the IoT ecosystem and can be a subset of the umbrella term. For our purposes, critical infrastructure refers to the infrastructure of the Biden American Jobs Plan.
Using the 2001 U.S.A. Patriot Act definition, this includes systems whose impairment “would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
IoT and embedded systems will be primary components of new infrastructure and will enhance the capabilities of existing infrastructure.
While critical infrastructure and IT infrastructure are distinct, the security of both is paramount. Attacks on IT infrastructure are much easier to perpetrate but can have similarly disastrous effects, as seen in attacks on water supply systems in recent years.
Cybersecurity of critical infrastructure embedded systems
Prominent cyberattacks on infrastructure coupled with the general rise in cybercrime has led governments worldwide to focus a great deal of attention on IoT devices and embedded systems security.
Late last year, the U.S. Congress passed the IoT Cybersecurity Act of 2020, which strengthens security standards for deployment of IoT devices by government organizations. While the Act does not broadly apply to all IoT implementations in critical infrastructure, the likelihood is that it will have ripple effects that permeate the industry.
As Congress debated the IoT Cybersecurity Act, the National Institute of Standards and Technology (NIST) released two documents that will guide future IoT security standards. The IoT Device Cybersecurity Capability Core Baseline defines minimal security standards for protecting IoT devices and their data.
The Foundational Cybersecurity Activities for IoT Device Manufacturers outlines the steps IoT device manufacturers should take in assessing what cybersecurity controls to integrate into a device. Continuous system monitoring is a specific area of focus.
The European Union is also strengthening its cybersecurity regulations to address infrastructure threats. Late last year, the EU began considering amendments to its Directive on Security of Network and Information Systems.
Embedded systems developers follow these legal developments as they occur. While they are currently more aspirational than operational, they will eventually lead to specific device design requirements.
Trends in application performance monitoring
For specific ideas on future embedded systems cybersecurity design, developers can look to trends in other IT performance and security areas, such as in network application performance monitoring (APM).
However, the applications that monitor and control embedded systems in critical infrastructure are a target for dedicated hackers. APM will be an essential aspect of maintaining critical infrastructure security. Embedded systems developers should be aware of how APM tools will interact with their devices and how trends in APM will affect embedded systems design requirements.
Streamlining data collection and transmission
Existing networks already experience bandwidth issues dealing with connected devices. Imagine how much worse the problem will become when the number of connected devices increases by an order of magnitude or more. And if network issues disrupt the connection between an embedded device and its remote monitoring system, the device is more vulnerable to attack.
Investing in the services of an experienced and well-educated network administrator may be one solution. Network administration is expected to grow as a career by over 42,000 jobs by next year, and it’s easy to see why. Network administrators are responsible for overseeing the installation of network security systems, implementing improvements in networks as needed, and installing or repairing hardware and software.
Local AI, as discussed before, may be another solution. APM developers are also looking at improved lossless compression methods to ensure transmission of quality data with limited bandwidth requirements. Embedded systems developers need to continue to investigate more efficient onboard data compression algorithms.
Use of artificial intelligence and machine learning
Recent years have seen increased reliance on AI and machine learning to enhance APM. So much so that Gartner defined the field of AIOps. AIOps aims to shift the focus of APM from reactively identifying and correcting issues to proactively identifying issues before they occur.
Figure 2. One of the biggest developments over the last few years has been the increasing reliance of APM on artificial intelligence. (Source: pixabay)
In addition, AIOps applies AI to automate remediation activities following identification of a problem. Embedded systems developers can similarly look to AI as a primary tool in building proactive cyberattack identification functionality at the application level.
While artificial intelligence is currently used to train embedded systems, much of the training takes place away from the embedded devices. Remote training provides larger amounts of higher-power processing capability to quickly deal with the large amounts of data driving AI model development.
There is a growing use of AI on the edge, however, and embedded systems developers should consider the viability of onboard AI to perform security monitoring tasks locally. However, because the computational requirements of AI models are high, embedded systems developers must continue to focus efforts on reducing the overhead of traditional AI methods in order to apply them better in a local environment.
Converged application and infrastructure monitoring
Every aspect of the operation of an embedded system must be protected, whether the underlying hardware of the applications running on it. Reliance on monitoring of individual components is giving way to a more holistic view of system operation.
Application of observability principles (preferably in conjunction with robust monitoring) may provide a better overall understanding of real-time embedded system performance, allowing for better identification of anomalies and potential attacks.
It is next to impossible for network administrators and other IT professionals to manually keep up with all of the data and analyses necessary for a modern cybersecurity program. Automation is, therefore, an essential component of future cybersecurity efforts. For example, while APM is effective for assessing the existence of an attack, it is more effective in conjunction with systems that automatically and proactively identify vulnerabilities.
According to cybersecurity expert Barbara Ericson of Cloud Defense, “You can employ traditional and linear vulnerability scanners or use adaptive vulnerability scanners to search for specific things based on prior experience. Fortunately, vulnerability scanners can be automated if you pick up good vulnerability management software. By automating your scans, you’ll ensure that your organization is constantly assessed for new threats and you won’t have to waste too much manpower on regularly scheduled scans.”
Embedded device developers must also continue to improve automation for monitoring of potential attacks on devices or their associated applications, as well as implement automatic corrective efforts for identified issues.
As the US pursues substantial infrastructure upgrades, the amount of IoT in critical infrastructure will increase exponentially. And that increase necessarily comes with an increase in the threat of cyberattacks. Embedded device developers must apply renewed focus on implementing novel cybersecurity controls onboard to ensure the reliability and security of critical infrastructure.
For more Embedded, subscribe to Embedded’s weekly email newsletter.
The post Protecting critical infrastructure through application performance monitoring appeared first on Embedded.com.