The Stuxnet Worm attack in 2010 should have brought home to embedded systems developers that even the smallest MCU based control system is vulnerable to hackers and security intrusions, according to Amir Raz and Ido Sarig of Wind River, who presented a class (ESC-230) on embedded security at last week's Black Hat Summit at ESC DESIGN West.
In their class titled “Could the Stuxnet Worm have been prevented? “, Sariq points out that this attack went after supervisory control and data acquisition (SCADA) systems similar to those in common use today in industrial applications as well as in diverse power, gas, electricity, oil and other utility systems. Embedded devices, which used to be standalone and defined by their degree of isolation from the network, are increasingly connected. According to Raz and Sarig, their number could reach 50 billion or more by 2020. This means embedded systems are increasingly open to network-based attacks, especially if developers ignore this crucial security aspect of their designs.
In his class at ESC DESIGN West on “White Hat hacking the smart grid (ESC-224) ,” Joe Loomis of Southwest Research Institute was particularly critical of SCADA systems as they are presently implemented on the Smart Grid. “The additional functionality and features of the smart grid increase the attack surface that can be exploited by a hacker,” he says. “New devices bring additional communication and control channels that need to be protected.”
If you attended ESC DESIGN West but did not attend the Black Hat Summit, you should download not only the papers by Raz/Sarig and Loomis, but those of the 14 other presenters on security topics. For those who did not attend ESC DESIGN West, I recommend that you read the commentaries by several of our columnists, including: “Strategies for securing the smart grid” by David Kleidermacher, “Building reliable and secure embedded systems” by Michael Barr, “Is the SCADA infrastructure secure?” by Jack Ganssle, and “Not in Kansas anymore: securing SCADA” by Erik Marks. Of a number of recent Embedded.com design articles columns, white papers, webinars and online classes on this topic, my Editor's Top Picks include: