Blog

When Embedded Systems Go Wrong: The Cyber Security Challenge

October 10, 2019

It’s no news that embedded systems are hitting established markets like never before and that the impact of these new technologies has become unpredictable.

The fact that these devices can interact with each other without human intervention or supervision is becoming a real problem when it comes to security.


The pressure to better connect with the outside world is reaching even the most conservative sectors like healthcare, defence, aerospace and railway. Failing to ensure the safety and security of embedded systems in these industries can put human lives at risk and some experts go as far as to say that about 29% of these systems could, in a worst-case scenario, kill or injure someone!


So, how does one ensure that this doesn’t happen? The tricky bit of this is that security software like firewalls, antivirus shields and real-time scanners for web navigation don’t work on embedded systems. Plus, one of the most complicated situations to deal with is adding a security layer to these systems’ lifecycle because it requires interrupting and restructuring the previous design. Not to mention that there are so many of these systems that finding a one-size-fits-all solution is nearly impossible. No worries, though! It’s not all bad news!


Many industry standards have been put in place to help improve security in the embedded systems landscape. Better yet, these standards cover everything from security management to product development requirements!


At Critical, we comply with all relevant standards and use our years of experience in other safety-critical domains to develop a solid and direct approach to solving embedded cyber security problems. This approach covers the entire spectrum of embedded cyber security activities. Here’s a brief explanation of how it works:

  • The “Corporate Information Security Management System” focuses on supporting systems, as well as the overall information security.
  • The “Secure Development Process Definition” zooms in on the secure development process that needs to be defined and followed to ensure security later down the line.
  • The “Secure Embedded System Implementation” looks at the practical side of creating an embedded cyber security solution.


These three points can exist separately, but they do pack a more powerful punch if used together.


This approach covers the most important aspects of a secure development lifecycle and it also covers the major elements that need to be present and correct to ensure strong security.


Even though our approach is a complete solution, it also lets us apply additional security methodologies and techniques if needed.


We can’t deny that it’s bad for businesses to develop systems that could potentially cause injury or even death, not to mention that it’s also entirely irresponsible, and companies that create these systems are risking a great deal. Deciding whether it’s better to work with a safe, proven process throughout the system development lifecycle is an easy one but determining the right level of security needed for each embedded system is more complicated.


Drawing on our expertise in this area, we help companies make informed decisions, and prepare and execute the right strategy to achieve the security level they need. We’ve been working in the field of embedded systems development and assurance for over twenty years, and this specialisation in safety-critical systems means that we understand the impact that a failure in system design can cause.



If you’re interested in learning more about our work in this matter, check out our offer .

Tags
Cyber Security