The Different Trusted Computing and Cyber Security Approaches for Embedded Computing and Enterprise Systems
Published in Military & Aerospace Electronics
When discussing trusted computing, and cyber security, it is important to understand which of two types of computer systems that need protection - enterprise or embedded.
Enterprise systems manage the information technology (IT) and infrastructure of large organizations the world over. These systems often are distributed and connected, and typically are upgraded at a comparatively frantic pace.
Embedded systems, on the other hand, typically are deployed in the field. They tend to be much more rugged and much more tightly integrated than enterprise systems, and commonly undergo more rigorous certification and verification processes.
Enterprise systems normally are made up of all-commercial components, networked together potentially over long distances and often connected via firewalls to public networks. These systems often integrate normal desktop and laptop computers, switches, routers, and firewalls, as well as other commercial market products that usually are produced in large volumes.
For each of the products that comprise an enterprise system, there are specific security considerations that systems integrators must address. Most enterprise hardware will use standard interfaces, such as Ethernet and USB. They will run a version of a common commercial operating system like Microsoft Windows or RedHat Linux, and depend on support from commercial vendors for security updates.
In contrast to enterprise systems, embedded computing systems exist within a defined environment. They normally are more rugged, which enables the electronics to operate in the harsh physical environments that fielded military hardware must endure. They also are much more closely integrated, perhaps using interfaces that are less common in commercial architectures, such as MIL-STD-1553.
Embedded systems typically also use purpose-built hardware, often in response to the difficult tradeoffs that designers make regarding the size, weight, and power consumption (SWaP). Also, because of the lower production volumes, these systems often will have much different vendors and support structures than do enterprise systems.
It is important to consider the history of cyber security when choosing trusted computing approaches for enterprise systems and embedded computing.
The criticality of cyber security emerged as a major concern as systems became more connected, and opened the door to potential attackers via remote access. Because they connect disparate geographically isolated heterogeneous systems together, enterprise architecture designers consider requirements for authenticating endpoints, encrypting communications, locking down interfaces, and controlling the flow of information.
The community of cyber security professionals has developed many products, tools, and frameworks geared specifically to address the needs of enterprise systems. Some common examples of these are virus scanners, firewalls, and intrusion-detection systems.
A virus scanner is a relatively simple tool that can look at code and data to determine if it has nefarious intent. One important facet of using a virus scanner is ensuring that the definition of what constitutes a virus stays up to date. If not, new viruses can circumvent the scanner.
This tool relies on the connectivity of the enterprise system to ensure it stays current and effective. Using such a tool in a disconnected, or even infrequently connected embedded environment can be problematic. In comparison, a firewall that filters network traffic, or an IDS that monitors a system for anomalous behavior, might not require as updates as frequently as a virus scanner does to stay relevant, but may still require the ability to trigger warnings that instigate investigation and response when necessary.
Decomposing System Security to Prevent Cyber Attacks in Trusted Computing Architectures
Trusted computing systems designers should consider system security early in the design process to prevent cyber attacks.
The Trusted Computing Implications of Interfaces, and How They Can Influence System Performance
Steve Edwards and David Sheets explore the implications of how interfaces influence system design in trusted computing.
The State of Cyber Resiliency Metrics on Embedded Systems
We look at how the ability of an embedded system to identify, prevent, and respond to cyber attacks is defined by measuring its level of cybersecurity and cyber resiliency.
Trusted Computing for Defense & Aerospace
Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing.