Security is foundational to the reliability of IoT systems and devices, writes Arlen Baker, the chief security architect at Wind River. Everyone from the developer to the operator to the end beneficiary needs to have confidence that an IoT solution will perform as promised, without putting anyone’s privacy or safety at risk. Moreover, the ability to demonstrate effective security is increasingly critical for compliance with stringent standards such as the EU’s General Data Privacy Regulation (GDPR), and for obtaining product safety certifications from various regulatory entities.
Given the rapid pace of IoT adoption and the pressure on developers to bring solutions to market quickly, that’s a fairly tall order. How can IoT developers address security efficiently across the solution lifecycle?
IoT developers would benefit from a systematic approach to security, grounded in a clear understanding of security needs and objectives. A prime example of such an approach is the Wind River Helix Security Framework, designed to help developers optimise the security capabilities built into Wind River embedded software solutions.
The Helix Security Framework starts with the industry standard model of Confidentiality, Integrity and Availability – the widely accepted CIA Triad. Then we take it a step further and deconstruct each of these three principles into tangible security implementations. In the context of the Triad, confidentiality encompasses implementations designed to maintain the privacy of an asset. Integrity refers to measures that protect the content of the asset from disruption or corruption. Availability includes implementations that ensure accessibility of the asset. We then apply these implementations specifically to the requirements of the embedded systems our customer needs to secure.
That’s the high-level explanation of the framework, but how does it work in practical terms? To put it more simply, security functionality is built into every product in our portfolio for embedded system developers. However, that in itself is not enough to ensure that devices built with these solutions will be secure. It takes an additional measure of expertise and analysis in a comprehensive approach to identify and implement the right security capabilities for each system’s requirements. The Helix Security Framework enables users to determine which security features they need for their specific applications and how to activate those features.
Three stages of training
In practice the framework comes to life through a customised embedded security training class. The class is based on the specific Wind River solution the customer is using and the application they’re using it for. Classes typically entail three stages over three days. Day one is focused on understanding the framework, breaking it down into security implementations, and laying the foundation for what is needed to secure an embedded device. Day two involves going through the various security features within the Wind River product that will put those implementations into effect. Importantly, no single security solution by itself will provide complete protection for an IoT device. Rather, it is the proper layering of these defences that will provide a much stronger, multifaceted protection, commonly referred to as defence-in-depth.
On the third day, we conduct a hands-on lab that enables the customer to bring it all together – to use the tools identified on day two to implement the security requirements identified on day one.
That’s the educational component of the framework, essentially teaching our customers how to secure their devices using the tools built into the solutions they’ve acquired from Wind River. Another key component of the framework is a security assessment. It’s similar to the training class in that it starts with laying the foundations, going through the implementations coming out of the CIA Triad, and making sure the customer understands what it means to secure the device. We follow that with a deep dive into the customer’s specific need to define the system assets, the vulnerabilities of those assets, and the security implementations needed to secure them. We put all that in a written report that the customer can execute against.
In different scenarios with several customers, the Helix Security Framework has proven effective in empowering development teams to meet their security objectives. It has been applied in securing medical devices, head-up displays for military aircraft, industrial control systems, power plants, wastewater and sewage systems, and other IoT systems for critical infrastructure. We’ve applied it on behalf of customers building new systems from scratch, as well as for industrial and critical infrastructure operators faced with upgrading and connecting brownfield legacy systems and equipment.
The beauty of the framework from the customer’s perspective is that it is repeatable and transferrable. One client with a major defence contractor told us his team was applying our process not just to the initial engagement, but to multiple projects across the corporation. We gave them the framework and taught them how to use it, and they ran with it.
Another customer in the medical device arena was looking for a commercially available operating system (OS) that provided continuous security monitoring and vulnerability protection. In fact, the company had incurred a great deal of negative press about the vulnerabilities in its devices, which was having a financial impact on it. Walking through the Helix Security Framework was a big factor in the company’s decision to go with Wind River Linux, along with our continuous security monitoring and vulnerability protection, and the next release of its device incorporated the recommendations derived through our security assessment.
IoT and embedded system developers need a systematic approach to security that can be integrated into the development process. For users of Wind River technology, the Wind River Helix Security Framework has been proven in the trenches. It’s a way for IoT developers and system operators to gain the upper hand against malicious actors, while enabling them to meet the marketplace and regulatory demand for safe, secure and reliable systems.