Security+: Security Implications of Embedded Systems

Introduction

The Internet of Things (IoT) is changing both how we live and how we do business. You can find embedded (or smart) devices everywhere, from the doctor’s office and the public transportation system to the agricultural supply channel and national defense systems. Intel estimates that by the year 2020, the world will have 200 billion connected objects, up from 15 billion in 2015.

Embedded systems — computer technology integrated into everyday devices to perform a specific function — present a unique set of challenges. On the CompTIA’s Security + exam, candidates will need to be able to demonstrate their knowledge of how embedded systems impact security.

Embedded systems have many of the same security challenges, but each type of system adds another layer of complexity and unique factors. For a long time, manufacturers didn’t pay a lot of attention to the security of the embedded systems, partly because the security risks weren’t known.

But even for newer devices, security is often an afterthought. A major driver of this trend is the fact that these devices are small, so adding security would take away from functionality.

For the CompTIA Security + exam, you’ll need to understand the security implications of different types of embedded systems. Here are some examples.

SCADA/ICS

SCADA refers to supervisory control and data acquisition systems, which are used to manage industrial control systems (ICS). The use of ICS ranges from controlling manufacturing production to monitoring critical infrastructures such as power and water utilities.

Traditionally, ICS relied on passive defenses such as “air gapping,” separating them from the internet. Today, however, it’s hard to escape connectivity and operations are also becoming interconnected. Industrial entities are looking for more efficient ways to control operations and use real-time data, so they’re deploying more Internet-connected embedded systems.

Industrial control systems (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/9YWEvjXlPFE/