Icon Labs has announced the availability of their new Floodgate Security Framework (FSF) to protect embedded devices and systems from cyber-attack. Internet-based attacks are on the rise and an increasing number of these attacks are targeting embedded devices.
Cyber-criminals, hacking bots, industrial or international espionage agents and even terrorist groups are now targeting industrial, military, automotive and medical devices as well as utility systems.
According to Alan Grau, CEO and founder of Icon Labs, “In IT security, endpoints must be authenticated, trusted, secured and managed before they are allowed to operate on the corporate network. IT/OT convergence and the emergence of security standards in various industries require that embedded devices provide the same security capabilities as IT devices.”
The Floodgate Security Framework provides:
- Management system integration for IT/OT convergence.
- Security capabilities to ensure devices are protected from attack.
- Building blocks for compliance with security standards including NERC-CIP and EDSA.
Two new capabilities make the Icon Labs Floodgate Security Framework stand out from other cyber defense solutions – Secure Boot and Intrusion Detection.
Floodgate Secure Boot provides a critical security capability for embedded devices by ensuring that only validated code from the device OEM is allowed to run. This prevents attackers from replacing firmware with versions created to perform malicious operations. Secure boot utilises code signing to verify the authenticity and integrity of firmware prior to execution. Floodgate Secure Boot provides the APIs required for code signing, code validation and secure firmware updates. The Floodgate Secure Boot data sheet is available at http://www.iconlabs.com/prod/files/fg-secureboot-ds-april-2015pdf#overlay-context=resources
Floodgate Intrusion Detection monitors system activity and configuration to detect unauthorised changes to the system. These changes are reported to a security management system. Engineers integrating Floodgate IDS into their device can select the appropriate response based upon the severity of the threat and the specific requirements of their device. Supported responses include event logging, alert generation, shutting down the device, operating in “safe mode”, wiping data, and deleting firmware. Floodgate IDS can also support customisable responses to detected threats. The Floodgate Intrusion Detection data sheet is available at http://www.iconlabs.com/prod/files/fg-ids-ds-april-2015pdf#overlay-context=resources
The Floodgate Security Framework also provides Root of Trust/Chain of Trust, Run-Time Integrity Validation, Application Guarding APIs, Secure Device Manifest support, an embedded firewall, and integration with various security management systems. These capabilities provide the building blocks for achieving EDSA Certification, ISA/IEC 62443 Compliance, and/or compliance with the NIST Cybersecurity framework
FSF is the only security solution for embedded devices providing both device protection capabilities and security management for any embedded OS . Floodgate Security Framework has been ported to a wide range of RTOSes including VxWorks, Nucleus, INTEGRITY, embedded Linux, μC/OS-III and RTXC.