The Stuxnet malware was a wake-up call for embedded device security when it became public knowledge in 2010. Its sophistication and purpose made it clear that industrial control systems and the embedded systems used to control and monitor critical infrastructure were at risk. Machine-to-Machine (M2M) and Internet of Things (IoT) realities mean that more and more devices are being deployed and connected to each other. This connectivity is both the promise of IoT (data gathering, intelligent control, analytics, etc.) and its Achilles’ heel. With ubiquitous connectivity come security threats, which is why security has received such a high profile in recent discussions of IoT.
Security-First Design
Security has not always been a primary concern for embedded devices -- connectivity among devices was assumed to be local, and in the hands of trusted operators and devices. Stuxnet, however, quickly proved that even local access can’t be trusted, as it infected PCs and laptops that then infected programmable logic controllers (PLCs) that were connected via a local area network. Modern devices need to be connected to a network (and frequently the Internet), so they require more serious attention to security, with security principles applied early in the development lifecycle.