The Best Hacker Defense is a Good Offense
February 21, 2020
Story
The risks associated with cybersecurity are growing far faster than anyone ever expected. While we hear reports of high-profile attacks on a regular basis, there are many more that go unreported.
The risks associated with cybersecurity are growing far faster than anyone ever expected. While we hear reports of high-profile attacks on a regular basis, there are many more that go unreported. Consider it unauthorized data mining.
Attacks are becoming more prevalent because more systems and devices are being connected to the Internet, growing the “pool” of vulnerable points. The cyber community calls this “increasing the attack surface.” This is true for just about any market, but certainly includes the military, power and utility industries, security, autonomous vehicle developers, and so on — all places we consider critical infrastructure points — extending into equipment used in industrial spaces, like power substations, smart grids, and petroleum processing plants. As we populate these areas with more sensors, our cybersecurity challenges are compounded.
Most experts believe that it’s just a matter of time before every platform worth hacking, is attacked. The key is to ensure that when it’s your turn, the information that’s exposed doesn’t put your institution, constituents or data at risk.
While the potential risks differ in every application, some are far more serious than others. Some recent examples include malware that can erase your entire system, unauthorized encryption of your data, or unauthorized use of a network to seek access to sister company systems.
In military applications, like weapons systems or advanced communications, the need for extreme security is not only obvious, but non-negotiable. Each program has specific classifications that define the required level of security. For example, the SIPRNet and NIPRNet enclaves have lower security requirements than those specified in the Joint Worldwide Intelligence Communications System (JWICS), a network run by various defense agencies, including the Department of Defense (DoD) and Department of Homeland Security.
Staying current on these requirements is critical for Crystal Group. For us to effectively and accurately design and develop system architectures that allow our customers to control the security of their products and applications, we have to start with a clear understanding of what the customer is trying to accomplish, the vulnerabilities and threats, and what defense mechanisms must be in place to prevent those threats from being realized.
The RS1104 rugged 1U server can be customized to address both data at rest and secure network attached storage security levels with features like self-encrypted drives, instant secure erase and key management.
Armed with this information, we develop a secure platform that’s hardware enabled and provides the required level of security for the intended application. This may involve running virtual machines that can be spun up to handle different security functions. This technique can be combined with hardware locks or tamper-proof construction.
We start with a rugged hardware Root of Trust to monitor the boot loader files for authenticity and pedigree. This includes verifying the BIOS and firmware and monitoring any board revisions to confirm that everything in the software is legitimate and secure. By loading the image as a secure boot enabled device, the customer always receives a computer that performs as expected. With a solid foundation in place, we incorporate FIPS 140-2 SAS solid-state drives for data at rest protection.
Given the intricacies of cybersecurity, the rate and scale at which is compounds, and the evolving requirements, it’s next to impossible for any single company to address the full range of cybersecurity needs. That’s why Crystal Group has forged strong relationships with trusted partners that are experts in their respective areas. This allows us to focus on our core competency, while integrating theirs. Through this ecosystem of partners, we can deliver the right cyber secure combination of rugged hardware and certified software for each customer program, which eliminates any uncertainty or hassle for the customer.
A great example is how we’ve partnered with RackTop to create a cyber-converged network platform that encrypts large data streams with near-zero latency. The system provides a simplification in policy management, access to data, data at rest security, key rotation and key management. As the embedded world sees more sensors pumping data into a network, this becomes critically important. Overall, the system’s capabilities can be narrowed or expanded while making it easy to manage complex security networks and large amounts of data.
Crystal Group will be exhibiting at Embedded World 2020 in Nuremberg, Germany on February 25-27 at Stand 123 in Hall 3. Our display will include demonstrations of AI applications on our latest server products along with our network attached storage (NAS), Crystal Group RIA solutions and several rugged embedded computers.
Embedded World attendees can also join Toni Hogan, director of Program Management, for two panel sessions in the Embedded Computing Design booth, Hall 1-500. On Tuesday, February 25 at 4:00 p.m., the topic is Designing for Industrial Applications followed by Automotive Applications on Wednesday, February 26 at 1:00 p.m.