SSV Software Systems

Klaus-Dieter Walter | Meinrad Happacher

Turning point in the threat situation

Anyone planning a new IoT application these days should also carefully analyze the potential cyber risks and design countermeasures. In many cases, such analyses also make sense retrospectively.


As networking continues to advance, the risks of major cyber attacks have been increasing for years - with considerable consequences. If there are also armed conflicts, as is currently the case in Eastern Europe, the threat situation reaches a level that should definitely influence our own actions. In some cases, the current situation also requires a new perspective on networked applications and future development projects.

New perspectives

The fact that a satellite-based internet connection can also be used for IoT applications is nothing new. Until now, however, it was only cost aspects that prevented it from being used in practice in some cases. It is now becoming clear that certain countries consider such wireless internet access to be a significant threat to their own security for various reasons. After all, this communication technology has a "dual-use character". Not only can it be used to access any website to obtain information from any location, but satellite-based Internet access also makes it relatively easy to send "tap-proof" data from different locations to a collection point via an end-to-end connection, for example to implement decentralized sensor applications for military purposes.


Figure 1: Cause-effect diagrams are graphical representations of individual causes that lead to certain problems. They are used as part of failure mode and effects analyses (FMEA). Combined with STRIDE threat modeling, they can also be used to process IoT cyber security tasks.

© SSV Software Systems

Communication between mobile troop units or drones and the control center is also quick, easy and, from a military perspective, extremely inexpensive to implement. China's military is therefore even considering destroying the Starlink satellite internet of Elon Musk's SpaceX (as reported in the daily press at the end of May 2022). The associated risks of potential collateral damage for its own IoT applications must be assessed in any case.

A lot has also happened in terms of potential cyber attackers: the "IT Army of Ukraine" is openly advertised on the internet. Anyone with sufficient specialist knowledge can join this cyber guerrilla group and attack virtual targets in other countries, for example from their home office. The attacks are coordinated via the Telegram messenger app. So far, however, only simple DDoS attacks have been carried out. It is to be hoped that the idea does not lead to a "cyberattack-as-a-service" offering. In any case, appropriate tools for risk analysis will be part of every developer's toolbox in the future.

Vulnerability and risk analysis

An established method from the field of machines and systems is the Failure Mode and Effects Analysis (FMEA). In principle, an FMEA can also be used for the cyber security of IoT applications and networked automation solutions; numerous sources of information can be found on the internet. In a cyber security FMEA, however, the individual risk areas of hardware, software, network connections and cloud must each be represented in the team by highly experienced experts. In any case, security threat modeling should be carried out on the basis of a detailed application structure. The Microsoft STRIDE modeling tool, for example, provides assistance in identifying possible risks. Such an analysis can also follow the data flow of an IoT application, i.e. from the sensor via data analysis and automated decision making to the resulting action (see Figure 1). With regard to detection probabilities and priorities, it should be noted that this is a very dynamic environment; the risks of a cloud connection, for example, can change over time.

Concerted use of methods

Figure 2: In order to create IoT applications that are as fail-safe as possible, each individual module should meet special cyber resilience requirements. This includes software functions to automatically detect malfunctions and trigger a recovery in the event of anomalies.

© SSV Software Systems

DevOps is an effective concept for implementing the findings of systematic vulnerability and risk analyses. The term, made up of "Dev" (development) and "Ops" (operations), refers to an approach to software development and maintenance that combines people, methods, processes and technologies to continuously create high-quality products and solutions and operate them in practice. The eight typical DevOps phases are often depicted as an endless loop (right in Fig. 2), which the responsible product management, the development team and the application managers go through again and again as a process chain. This construct contains a CI (Continuous Integration: software coding and change process) and CD (Continuous Delivery: software delivery process) activity pipeline. All tasks are processed by a developer team and an application team.

DevOps was developed in the IT world and has been used there for many years in countless applications. Under certain conditions, DevOps methods can also be applied to the networked embedded systems of IoT modules and the associated cloud-based software functions. However, in order to prevent failures such as those of satellite modems and credit card payment terminals (see IoT hotspot in issue 5/6-2022), the modules and applications must meet certain requirements (Fig. 2).

Each IoT module should have two communication links: a default link and an out-of-band (OoB) link. Two independent flash memory areas (firmware image A, firmware image B) serve as firmware memory and are protected by special write protection hardware (e.g. an authenticated write latch). Firmware image A, for example, is used for normal operation via the default link, while firmware image B enables recovery via the OoB link in the event of problems. A special cryptographic watchdog timer (Authenticated Watchdog Timer, AWDT) monitors the function of the default link; if it detects an error, the recovery firmware is activated via the A/B functionality. Both the firmware variants of the IoT modules and the software functions of the cloud services are continuously developed further via DevOps. The monitoring tasks associated with DevOps also provide an additional monitoring level that can trigger an OoB recovery from the cloud side.
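The following Python model is an added illustration of the module described above, not code from the author or from SSV Software Systems. It models the authenticated watchdog as an HMAC over a device nonce that only the cloud-side monitor can produce, the A/B slots behind a closed write latch, and the failover to image B on the OoB link; the key, the token format and all names are assumptions made for the example.

```python
import hmac, hashlib, secrets

# Constructed demo key; on a real module the key would live in a secure element.
DEMO_KEY = b"constructed-demo-key"

def make_defer_token(key, nonce):
    """Cloud-side monitor: prove liveness of the default link by MACing the device's nonce."""
    return hmac.new(key, b"AWDT-DEFER|" + nonce, hashlib.sha256).digest()

class AuthenticatedWatchdog:
    """AWDT: the countdown can only be reset with a valid MAC over the current nonce."""
    def __init__(self, key, timeout):
        self.key, self.timeout, self.remaining = key, timeout, timeout
        self.nonce = secrets.token_bytes(8)           # challenge sent over the default link
    def defer(self, token):
        if not hmac.compare_digest(make_defer_token(self.key, self.nonce), token):
            return False                              # forged or replayed: countdown keeps running
        self.remaining = self.timeout
        self.nonce = secrets.token_bytes(8)           # rotate so an old token cannot be replayed
        return True
    def tick(self, seconds=1):
        """Advance time; returns True once the deadline has passed."""
        self.remaining -= seconds
        return self.remaining <= 0

class IoTModule:
    """A/B firmware slots behind a write latch; A runs on the default link, B is recovery via OoB."""
    def __init__(self, key, timeout=3):
        self.slots = {"A": "operational", "B": "recovery"}
        self.latch_closed = True                      # authenticated write latch closed at run time
        self.active, self.link = "A", "default"
        self.awdt = AuthenticatedWatchdog(key, timeout)
    def write_image(self, slot, image):
        if self.latch_closed:
            return False                              # rejected: latch opens only in an update flow
        self.slots[slot] = image
        return True
    def tick(self, token=None):
        if token is not None:
            self.awdt.defer(token)
        if self.awdt.tick() and self.active == "A":
            self.active, self.link = "B", "oob"       # failover to recovery image on the OoB link
        return self.active, self.link

def simulate(module, feeder, ticks):
    """feeder(nonce) returns a token or None for each tick; returns the final (slot, link)."""
    state = (module.active, module.link)
    for _ in range(ticks):
        state = module.tick(feeder(module.awdt.nonce))
    return state
```

A monitor that holds the key keeps the module on image A indefinitely, while one that presents forged or replayed tokens lets the countdown run out and the module falls over to image B on the OoB link.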

Worthwhile additional effort

The author: Klaus-Dieter Walter is a member of the management board at SSV Software Systems.


With systematic vulnerability and risk analyses and the interaction of some special hardware and software functions plus DevOps, a very robust system behavior for IoT assemblies and applications can be realized despite the current threat situation. This does result in a certain amount of additional work with an impact on unit and operating costs. However, this effort is definitely justified for applications in the area of critical infrastructure (e.g. decentralized energy systems), as application availability is improved even if the cyber threat situation continues to increase.
