In Devices We Trust
A decade ago, cybersecurity professionals engineered a sandbox to trap viruses for introspection. Today, the coronavirus has sandboxed engineers with stay-in-shelter awaiting health checks. The status quo has reversed.
Over two decades ago, the telecommunications industry coined the term “family of equipment failure” referring to a cascade effect wherein the failure of one piece of equipment in a hierarchy could trigger another equipment in a family of interdependent equipment to fail. The coronavirus pandemic triggered a family of institutions and businesses – the supply chain – to fail. The interdependence in device operations and human activities of daily living has been exemplified.
As people become intricately interdependent on machines, and machines on heterogeneous machines, the failure of one operator or device can trigger outcomes far more consequential than one could imagine. The safety and trustworthiness of devices, the ability of devices to explicitly trust other devices, and the judgement of humans to rely on decision logic controlled by connected devices will require both safeguards and safety nets.
A decade from now, the past decade will seem like the digital dark ages. From medical devices that govern life and death, to public safety systems and national defense, a new risk management strategy will emerge – driven by probable dire consequences, out of necessity, and not by political choices of decision makers in the herd.
The fundamental concept in building resilience requires boosting immunity – both self and herd immunity. Devices in the information technology (IT) world have always exhibited symptomatic and asymptomatic infections by novel malware. The infection curve does not flatten with lateral social distancing in the IT networking fabric.
Tracking, tracing & vaccinations for manufacturing
Devices need to be vaccinated at manufacturing and contact tracing is based on the intrinsic ability to generate logs of deviations from a trusted operating profile, and analyze harvested device intelligence before zero-day damage. Multi-vendor interoperability requires a standards-based risk model. Threat models are reactive, whereas risk models are proactive. A safety paradigm pivots on continuous life cycle risk management rather than episodic spot audits based on outdated checklists.
Risks amplify when they are not taken seriously and not addressed at the time of manufacture. Threats emerge later in the life cycle, propagate over the network, and mutate over time. Risks must be factored into the design of the device to build an immune system. You can trust a device that has been designed to handle risks, but not a device that requires frequent human intervention to service threats.
When a device operates in autonomous mode, it becomes a single point of uni-function failure and requires a method for remote recovery. Where devices are connected and are interdependent, bilateral trust becomes essential for operational integrity and mission function. The lifecycle of devices requires periodic updates in firmware, software and configuration items. Automation for scalability across thousands of devices requires supply chain integrity – just like approved medications, qualified doctors and hospital systems are in the life cycle of humans. The complexity of supply chain provenance in a global marketplace, distributed manufacturing of piecemeal parts and assembly, multi-vendor software components make the manufacturing process extremely difficult to airtight. The economic cost of mass device recall or recovery would be steep in mission critical systems without built-in self-defending controls.
The need for trusted instrumentation
The ability to service in-field devices post deployment requires trusted instrumentation. In production environment, operators will require the next generation of device security for field interoperability to communicate securely, protect data on the device with secure cryptographic artifacts, and provide trusted integrity measurements.
Support for operational technology (OT) workflows will require over-the-air, over-the-network, and over-portable-media full-stack updates with high assurance of supply chain tamper resistance. The integrated lights-out capability of modern-day data center servers for remote maintenance is coming to devices of the future, with lights-out devices instrumented for remote sustenance of trust in device operations. The economics of device protection will be realized by amortizing the cost over the service lifetime of devices to achieve operational efficiencies in post-deployment remote service orchestration.
Mocana helps device operators bridge the adoption challenge between device vendors and service providers, and enables digital transformation with the emerging 5G network, edge cloud and SD-WAN. We protect the content delivery supply chain and device lifecycle for tamper-resistance from womb-to-tomb, with root-of-trust and chain-of-trust anchors. We measure the device for persisted integrity and for trustworthiness of operations and data to power AI/ML analytics. Our team of security professionals work with semiconductor vendors and certificate authorities to integrate with emerging technologies in order to comply with data privacy and protection standards. The goal of Cyber Protection as a Service is to eliminate the initial cost of modernization for device vendors and empower service providers to offer subscription-based services for effective and efficient digital transformation of things.
Mocana’s core technology protects more than 100 million devices today and is trusted by over 200 of the largest industrial manufacturing, aerospace, defense, utility, energy, medical and transportation companies globally www.mocana.com.