Page 5 - Cyber Warnings
P. 5
IoT Devices Require Security-First Design
by Bill Graham, Technical Marketing Specialist, GrammaTech
Introduction
The Stuxnet malware was a wake-up call for embedded device security when it became public
knowledge in 2010. Its sophistication and purpose made it clear that industrial control systems
and the embedded systems used to control and monitor critical infrastructure were at risk.
Machine to Machine (M2M) and Internet of Things (IoT) realities mean that more and more
devices are being deployed and connected to each other. This connectivity is both the promise
of IoT (data gathering, intelligent control, analytics, etc.) and its Achilles’ heel. With ubiquitous
connectivity comes security threats - the reason security has received such a high profile in
recent discussions of IoT.
Security-First Design
Security has not always been a primary concern for embedded devices -- connectivity was
assumed to be local, and in the hands of trusted operators and devices. Stuxnet, however,
quickly proved that even local access can’t be trusted, as it infected PCs and laptops that then
infected programmable logic controllers (PLCs) that were connected via a local area network.
Modern devices need to be connected to a network (and frequently the Internet), and these
devices require more serious attention to security and applying security principles early in the
development lifecycle.
Software Security in the Software Development Lifecycle
A security-first design approach means integrating security as a top priority in the software
development lifecycle (SDLC). Developers and project managers can expect at least the
following types of activities at these key stages:
Figure 1: Security processes superimposed over the software design lifecycle.
5 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide