Expert: cyber security in embedded computing relies on systems integrity and rugged packaging
NEW ORLEANS – Military embedded computing systems suppliers need to start paying serious attention to cyber security issues like systems integrity, trusted suppliers, and rugged packaging -- or risk becoming victim to reverse engineering, counterfeit parts, or system invasion, one industry expert warns.
"Our computer systems are under attack," says Richard Jaenicke director of market development and strategic alliances at embedded computing expert Mercury Systems in Chelmsford Mass.
Jaenicke made his comments Monday at the Embedded Tech Trends (ETT) conference in New Orleans, which is sponsored by the VITA Open Standards and Open Markets industry trade group in Fountain Hills, Ariz.
Among the chief concerns of embedded computing designers for U.S. and allied military systems is ensuring that potential adversaries cannot access crucial data or technologies during wartime incidents. "You want to make sure nothing bad happens if the system falls into unfriendly hands," Jaenicke told ETT attendees.
As an illustration, Jaenicke brought up the 2001 Hainan Island Incident when a U.S. P-3 reconnaissance aircraft collided with an aggressive Chinese jet fighter and was forced to land in Chinese territory.
Despite having at least 26 minutes to destroy important intelligence and reconnaissance electronics and data-storage equipment aboard, the P-3's crew were not able to safeguard important data and technology from Chinese authorities, who seized the aircraft and conducted intensive searches and investigations of the aircraft, onboard systems, and crew members.
U.S. government officials fear that important U.S. reconnaissance data may have been lost to the Chinese military as a result of the incident, which is a reminder of the need for anti-tamper technologies in today's military systems, Jaenicke points out.
"System integrity, trusted suppliers, rugged equipment, and system security are necessary for secure deployed systems, "Jaenicke told the conference.
Making sure these design approaches become part of military embedded systems, however, can be more difficult than it looks. Carrying out an effective cyber policy "is really hard, and almost nobody does it," Jaenicke says. As a result, waivers from government cyber requirements often are granted -- particularly for legacy technology that might require major upgrades and redesigns to insert cyber protections.
Systems integrity, Jaenicke explained, is about protecting against reverse engineering techniques that involve physical access, access to a debug port, or unauthorized modifications in a computer's boot structure.
Trusted suppliers involves using U.S. personnel and U.S. suppliers who operate in secure facilities in which system BIOS and network stacks can be inspected for potentially dangerous modifications that could give away U.S. technology secrets to adversaries, or cause system malfunctions or even takeovers.
Fortunately some companies in the U.S. embedded computing industry are starting to pay close attention to cyber issues, and are finding ways to provide affordable cyber security in open-systems architectures, Jaenicke says.
The three keys for effective cyber security in embedded systems are security to prevent reverse engineering; trusted systems to prevent unauthorized installation of software back doors; and rugged design to prevent physical system failures, Jaenicke says.
Learn more: search the Aerospace & Defense Buyer's Guide for companies, new products, press releases, and videos