You may have noticed that cyberattacks on critical infrastructure have been on the uptick in recent months. Targets have ranged from a water treatment facility in Florida, which ultimately failed, to the Colonial Pipeline, which succeeded in disrupting the gas supply for millions of Americans in May 2021. In response to these news-making attacks, President Biden has announced further cybersecurity initiatives with the aim of strengthening the nation's infrastructure against cyberattack.
Attacks on critical infrastructure have highlighted US cybersecurity shortfalls
In response to this increasing threat against critical infrastructure in the US, President Biden issued an executive order in May 2021 that aimed at improving the cybersecurity standards and guidelines for embedded systems and networks used by the Federal Government.
While a great first step, we know the risk of cyberattack isn’t solely contained to the systems used by the federal government. Now, five months after his original executive order, Biden has called on the private sector to ramp up their cybersecurity practices to meet those outlined for the federal government in an effort to protect organizations, and ultimately the American people, from falling victim to potential attacks.
In August 2021, the White House released a set of initiatives to boost the nation’s cybersecurity—aimed at both the public and private sectors. So, what do these initiatives mean for the future of our embedded systems?
The private sector commits to funding & researching the cybersecurity technologies of the future
The most significant shift in Biden’s cybersecurity initiatives is the inclusion of the private sector. When we consider that the private sector owns and operates about 85% of US critical infrastructure, demanding that they take the lead on providing security and safety with that infrastructure is a no-brainer. The August announcement included companies, like Apple, Google, IBM, Amazon, and Microsoft, among others. Together, these companies are investing billions of dollars in cybersecurity research, jobs, and technology to improve the security of their products.
In addition to the commitment of launching and expanding cybersecurity programs and jobs already in place by organizations like Apple and IBM, Microsoft announced an investment of $20 billion over the next five years to accelerate their effort to integrate cybersecurity-by-design in their devices. Developing a device with cybersecurity-by-design simply means building security into the device from the ground up, rather than relying on layering on security defense mechanisms after the device is already on the market. $150 million of that investment will be made available immediately, and will be put towards helping federal, state, and local governments to upgrade their cybersecurity platforms.
Implementing cybersecurity-by-design is a critical step in ensuring the security, safety, and privacy of the connected world. Historically, cybersecurity has been reactive. Software updates are pushed out with security patches after a vulnerability has been identified and things like antivirus software is installed on devices after they’re developed.
The truth is that this approach never really provided the level of security that was needed. If it did, we wouldn’t be having this conversation now. But, the need for a proactive approach to security is especially pertinent in today’s world, where our devices touch every aspect of our lives. These days, embedded systems can do everything from setting the ideal temperatures in our homes on smart thermostats to providing mission-critical support in military and defense applications.
While this call for proactive security, like the kind that is provided and supported by cybersecurity-by-design approaches, is being answered by the private sector, it is also one of the pillars of the President’s Industrial Control Systems (ICS) Cybersecurity Initiative, announced in April 2021 as part of Biden's overarching mission of improving the cybersecurity of the US as a whole.
Building upon the Industrial Control Systems (ICS) Cybersecurity Initiative
The ICS Cybersecurity Initiative is a joint effort with the Department of Energy (DoE) and the Cybersecurity and Infrastructure Security Agency (CISA) to increase the security of critical infrastructure in the United States. This increase in security will be achieved through the deployment of cybersecurity technologies, like real-time threat detection that “can monitor control systems to detect malicious activity and facilitate response actions to cyber threats.” The initiative was initially piloted by 150 electric utilities, and has since expanded to natural gas pipelines.
It’s likely no coincidence that this program expansion was announced on the heels of the now infamous Colonial Pipeline ransomware attack. We saw the major consequences of that attack—the increase in gas prices and decrease in gasoline supply. Threats like this will be a persistent reality if we don’t face the problem head-on.
How the CoreGuard Oversight System supports the goals of the ICS Cybersecurity Initiative
The call for a proactive approach to cybersecurity is not a new one (we’ve talked about why current cybersecurity measures are insufficient before), but it’s one that’s gone largely unanswered until now. With Biden’s latest announcement, we have assurances from both the federal government and the private sector that a proactive, cybersecure-by-design approach is underway. There are billions of dollars and countless man hours being funneled into research and subsequent technology deployment to the nation’s critical infrastructure, but this fact doesn’t exactly answer the question: how exactly can this level of cybersecurity be achieved?
One way embedded systems can be cybersecure-by-design is with Dover’s CoreGuard oversight system. CoreGuard is installed during the design and development process on the same SoC as the host processor. This means that the cybersecurity that is provided by the CoreGuard technology is done at the lowest possible level, and is unassailable over the network. In fact, CoreGuard immunizes processors against entire classes of network-based attacks, including zero-day attacks.
You can think of CoreGuard like a bodyguard to embedded systems—the CoreGuard technology monitors every instruction executed by the host processor and ensures that it is a legitimate, allowed instruction. This is done through a combination of hardware and software. The software is composed of micropolicies, which are informed by metadata. These micropolicies give CoreGuard the information they need to determine whether or not an instruction being executed by the host processor is legitimate or malicious. If legitimate, the instruction executes as normal. If an instruction is not legitimate, CoreGuard issues a violation and that instruction is blocked from executing.
Let’s take a look at how CoreGuard is able to achieve one tactic outlined in the ICS Cybersecurity Initiative, real-time attack detection and response. When CoreGuard detects a violation, information about that violation is compiled and sent to network operations management systems. At the same time, the application is notified that an attack is occurring and is able to take action via a predefined response. That response could be anything from terminating the application altogether, to simply logging the error but continuing to execute and can be customized to the system that CoreGuard is protecting.
Real-time attack detection is just one of the tactics of the ICS cybersecurity initiative, and just one aspect of the security provided by CoreGuard. The future of cybersecurity for embedded systems is one that is integrated into the design and development process, rather than a reactive measure to curtail cyberattacks once they’re already underway.
Proactive cybersecurity technologies, like CoreGuard, are essential to protect today’s embedded systems, particularly those powering our nation's critical infrastructure. To learn more about CoreGuard and how it can help embedded systems achieve the level of security outlined in the ICS cybersecurity initiative, request a demo today.