search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Security & Monitoring Catch here


Cyber resiliency is vital for a world of connected devices


T


he world is currently witnessing an explosion of connected devices with more aspects of our lives relying on the internet now than ever before, with everything from watches to fridges evolving into smart devices. The growth of these devices is not slowing down any time soon – with predictions that were will be over 50 billion of them by the time we reach 2030. Connected devices are integrated into every bit of our existence – we rely on them to function.


Unfortunately, this popularity does not come without risk. The more devices connected to the internet, the more the opportunity exists for hackers to infi ltrate, damage, and disrupt. As technology advances, so too do the methods of hackers, meaning the security measures we take to prevent an attack must also change.


A greater risk


Not only do more devices increase the opportunity for attack, but the potential for considerable damage also heightens. More of our personal data than ever before is vulnerable, thanks to the tendency of


www.cieonline.co.uk


storing it digitally. As a result, devices such as microphones, cameras and sensors can be easily infi ltrated, with damaging consequences for individuals and businesses. The 2020 attack on SolarWinds clearly demonstrated the risk that malicious actors pose. Attackers were able to access the infrastructure of SolarWinds, which produces a platform called Orion, which they then used to distribute trojan updates to software users. Thanks to this update, the attackers were able to access numerous systems belonging to multiple security organizations, universities and colleges, telecom operators and US government departments. Cyber attacks can lead to devastating


fi nancial losses and immaterial damage, with incidents costing enterprises an average of USD $200,000 globally. Essentially, the security measures in place are often the deciding factor in the cost extremes attack can result in”.


Resilience and recovery The good news is that with the implementation of proper defi nitions, architectures and scenarios, the risk of attack


to connected devices can be greatly reduced. Even after an attack has taken place, implementation of the right cyber resilient architecture means devices can be recovered after they have been compromised. The Cyber Resilient Technologies (CyRes) work group at Trusted Computing Group (TCG) has released a new draft specifi cation titled Cyber Resilient Module and Building Block Requirements which can be used to mitigate the threat of potential attacks. With this specifi cation, vendors can develop a solid foundation for Cyber Resilience, meaning that the entire industry now has a potential new layer of protection against cyber threats. Not only does the specifi cation ensure better security, but it will provide the detection of malware and enable the recovery of a device once it has been compromised, without the need for time consuming manual efforts. With the sheer volume of IoT products being released to market, it is important to have in-built measures that facilitate a recovery process. The CyRes work group has designed the concept of a Cyber Resilient Module, which could be implemented in many forms: as part of system on a chip that is the main hardware in a device, or inside a microcontroller unit which is a subcomponent installed within a larger, more complex system. The Cyber Resilient Module approach can recover successive software layers and individual components that can be found within a device, with the servicing of code and confi guration potentially needed for multiple layers sequentially. The specifi cation is applicable to a multitude of simple IoT devices and more complex systems like those with storage or peripheral device controllers.


IoT is dependent on resiliency All IoT devices should be configured with cybersecurity in mind. The ability to protect themselves from the outset against network-based attack should be a priority for vendors, deploying a wide range of hardware and software to ensure that devices are kept secure. However, bugs and misconfigurations can still lead to damage when it comes to ensuring the authenticity and integrity of firmware.


The manual intervention when a device has been compromised is simply not feasible for the future of IoT, thanks to the many thousands of devices that continue to be deployed every day.


As many future devices are inevitably going to be using the same imperfect software which exists today, manual, time consuming intervention for the recovery of a device is only going to become less suitable as time goes on. This is thanks to the number of devices that will be either physically inaccessible or won’t have an interface appropriate for performing manual repair.


Implement with ease


It is true that enterprise-class technologies already exist, which support and secure reliable remote device management and recovery. The problem is, they can often be unsuitable for several IoT devices thanks to limitations in their cost, form factor, power needs or availability of an out-of-band management channel. TCG’s specifi cation defi nes a minimal set of capabilities or mechanisms, making it easy to implement. This means that Cyber Resilient devices can be built with a more limited range of resources, and IoT microcontrollers can be used in a much broader range of applications. The Cyres specifi cation offers the user a variety of options to assist with the automated recovery of a compromised device, without the need for manual interaction, not only reducing time and cost, but providing the user with a new improved level of assurance. With this specification, Trusted Computing Group has created a baseline set of measures which vendors can incorporate to ensure the cyber resiliency of IoT devices, while keeping costs low, and size of the hardware compact. The structure of the document allows for further development and additions of architectures and platform specific requirements in the future. It is a step which will provide security to billions of devices, protecting the personal, sensitive, and commercial data that is stored on an increasing number of connected devices.


trustedcomputinggroup.org Components in Electronics May 2021 33


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54