It has never been more crucial for businesses to implement and demonstrate their commitment to cybersecurity; with data increasingly being used to make significant business decisions.
While historically, the major concerns for senior management around IT security have focused on intellectual property theft and reputational risk, ongoing changes in technology and politics have changed today’s business landscape and priorities significantly. With GDPR now in full force, organisations must demonstrate to stakeholders that they are making a credible effort to ensure that security is built into the heart of business operations.
With the potential for GDPR fines to attract multi-million pound figures, security is now firmly a board level issue.
Vulnerabilities in the data supply chain
Organisations must first understand what potential vulnerabilities look like within a data supply chain, so they can be recognised and mitigated. As cyberattacks increase in sophistication, they are likely to be so subtle that they don’t visibly impact a system; providing misleading information to force erroneous decisions. Ironically, whilst this type of attack will be very difficult to detect, early identification is vital in order to prevent significant damage.
The first step when looking to identify vulnerabilities in data is to determine whether a device is performing as expected. If we consider a device monitoring air quality in a petrochemical process plant that feeds its data to a cloud-based reporting system; the sensor unit itself is likely to have some type of firmware on it that manages connectivity, scheduling reporting, checking and calibration, etc. If that sensor firmware has been hacked, the sensor could report at an offset, or even provide completely fabricated data.
At the next level up, if the sensor is working well, then you need to start considering whether the data in transit to the aggregating system is vulnerable. Can you certify that you are truly receiving data from the sensor rather than data that has been injected en route? Without complete trust and confidence in the data chain from end to end, there is the risk of a system being manipulated to trigger false alerts or conceal a malicious release of pollutants.
The triad of information security stands on firmware
A data supply chain needs to deliver the triad of information security – confidentiality, integrity and availability in order for its data to be usable. Confidentiality is key to mitigating privacy concerns and reducing intellectual property and competitor risks. Integrity in this sense means making sure the data hasn’t been spoofed in some way, and availability means ensuring that data is being generated and consumed as expected.
Protecting firmware running on devices at the entrance to the data supply chain is a vital foundation of the triad, as many of the recent attacks that we have seen on IoT devices have been a result of attackers accessing and changing the firmware. Altering firmware allows attackers to hijack the device and make it do whatever they want. All too many connected devices, especially lower cost consumer goods, have very limited protection against firmware modification. Things as simple and obviously risky as having a default administrative password such as the word ‘password’ left unfixed, have resulted in repeated compromises, for example.
Hardware root of trust
Providing a strong root of trust as the foundation for device security and the data supply chain as a whole is the best way to optimise security in an end device. Building a secure system strictly in software is very difficult, as most connected devices require their software and firmware to be continuously updated and patched. Being able to identify devices, confirm their patch status, validate that firmware being loaded is authorised and that the encryption keys that are used for these processes and the delivery of data are secure, is essential. With these capabilities in place, the identification, management and isolation of at risk devices can be easily assured.
Having strong security in hardware delivers the fundamental security operations like securely storing, encrypting and decrypting data, confirming the authenticity of the firmware that is running on the device and definitively identifying the device. A strong security root of trust is fundamental to mitigating a whole range of vulnerabilities for IoT devices.
Hardware security can be provided via a root of trust embedded into a chip that is part of the system as a secure IP core, or by adding a separate dedicated security chip. In most designs, security should be embedded in the main chip in the IoT device, such as an application processor or custom ASIC, to deliver optimal levels of security performance. Our own approach to embedding hardware security is delivered via a fully programmable hardware security core, built around a custom RISC-V CPU. The security processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor. This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimise the primary processor for high performance, low power or other characteristics, while optimising security in the siloed core.
The IoT age offers huge potential, but also a number of new challenges. With reputation, financial success and decision making at risk, IoT security is an issue that now ranks as a top board level concern. To limit the risk of these types of attacks, a system level approach to security is critical.
Bart Stevens, Sr. Director of Product Management and Cryptography at Rambus