DEV Community

Henk Kok

EU Governance Considerations for Secure Embedded Systems Development

The cybersecurity requirements of the EU Radio Equipment Directive (activated by Delegated Regulation (EU) 2022/30), originally set to apply from August 1, 2024 and since postponed to August 1, 2025, will have an enormous impact on selling embedded systems in Europe. Next to that, the EU is in the process of introducing the Cyber Resilience Act. Embedded systems are found in a wide range of industries, from medical devices to automotive systems to industrial controls. These systems have unique security challenges: constrained memory and CPU, specialized functions, long field lifetimes, and often limited or no ability to patch once deployed. It is important for developers to follow best practices for secure design and development to ensure the safety and reliability of these systems, and to consider governance aspects such as regulatory standards, threat modeling and risk assessment, and incident response planning.


Figure: Vulnerability of radio equipment to different security breaches and consequences
Source: Impact Assessment on Increased Protection of Internet-Connected Radio Equipment and Wearable Radio Equipment


Embedded System Development: A short overview of best practices from a governance and security perspective

With the continuously rising number of cybercrime scenarios, it is essential to follow best practices for secure design and development when working with embedded systems. One key principle is to follow secure coding practices and use tools such as static code analysis and fuzz testing to identify and mitigate vulnerabilities. Static code analysis can detect issues such as uninitialized variables, out-of-bounds buffer accesses, integer overflows in length arithmetic and unchecked return values, all of which are common roots of memory-corruption vulnerabilities in C firmware. Fuzz testing feeds random, mutated or malformed input to the system's parsers and protocol handlers in order to uncover crashes, hangs and other unexpected behaviour. It is also important to implement proper input validation and sanitization on every untrusted interface (radio, serial, USB, debug ports and the update channel). Validation checks that data has the expected type, length and range before it is used, and in particular that a length field received from outside is compared against the real size of the buffer before it drives a copy; sanitization filters or encodes input that is passed on to another interpreter (a shell, a web UI, a database) to prevent injection attacks.

In addition to these practices, it is important to implement testing and validation methods to ensure the security and reliability of the system. This can include penetration testing, in which simulated attacks are launched against the system to identify vulnerabilities, and fault injection, in which controlled faults are introduced into the system to observe how it responds and whether it recovers properly. Fault injection covers both software-level fault insertion and hardware glitching (voltage or clock), and glitching is a standard technique for skipping a single instruction such as the branch after a secure boot signature check, so boot-time checks should be written to fail closed when an instruction is skipped.

Another key aspect of secure design and development for embedded systems is secure boot and authenticated firmware updates. This includes digital signing of firmware images and a bootloader that verifies the signature before the image is executed, so that only images signed with the manufacturer's key can run and the integrity of the system is maintained. Two details matter in practice: the public key used for verification must live in immutable storage (ROM, one-time-programmable fuses or a secure element), since a key kept in rewritable flash can simply be replaced together with the firmware, and the image version must be covered by the signature and compared against a stored minimum, so that an attacker cannot roll the device back to an old release that is validly signed but vulnerable.
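The two paragraphs above (length checks on untrusted input, and signature plus anti-rollback checks in the bootloader) come together in the following added example, which is not code from the original post. It uses a hypothetical image layout (magic, version, length, payload, Ed25519 signature) invented for this illustration; a production bootloader on the target would be C, and Go is used here only so that build-side signing and boot-side verification run end to end with the standard library. The trusted public key and the minimum-version counter are function parameters standing in for values held in immutable storage and protected NVM respectively.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout for this example (not a real bootloader format):
//   magic 4 bytes "FWIM" | version 4 bytes LE | length 4 bytes LE |
//   payload <length> bytes | sig 64 bytes Ed25519 over everything before it
const (
	magic      = "FWIM"
	headerSize = 12
	sigSize    = ed25519.SignatureSize
)

var (
	ErrTooShort  = errors.New("image shorter than header plus signature")
	ErrBadMagic  = errors.New("bad magic")
	ErrBadLength = errors.New("length field does not match image size")
	ErrBadSig    = errors.New("signature verification failed")
	ErrRollback  = errors.New("version below the minimum accepted by this device")
)

// BuildImage is the build-side step: wrap the payload in the header and sign
// header plus payload with the manufacturer's private key.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	img := make([]byte, headerSize, headerSize+len(payload)+sigSize)
	copy(img[0:4], magic)
	binary.LittleEndian.PutUint32(img[4:8], version)
	binary.LittleEndian.PutUint32(img[8:12], uint32(len(payload)))
	img = append(img, payload...)
	return append(img, ed25519.Sign(priv, img)...)
}

// VerifyImage is the bootloader-side step. Every field read from the untrusted
// image is checked before it is used to index memory, and the version field is
// only trusted once the signature covering it has verified.
func VerifyImage(img []byte, pub ed25519.PublicKey, minVersion uint32) ([]byte, uint32, error) {
	if len(img) < headerSize+sigSize {
		return nil, 0, ErrTooShort
	}
	if string(img[:4]) != magic {
		return nil, 0, ErrBadMagic
	}
	version := binary.LittleEndian.Uint32(img[4:8])
	length := binary.LittleEndian.Uint32(img[8:12])
	// Compare the claimed length with the real size before slicing, in 64-bit so
	// a huge value cannot wrap; trailing bytes are rejected as well.
	if uint64(length) != uint64(len(img)-headerSize-sigSize) {
		return nil, 0, ErrBadLength
	}
	signed := img[:headerSize+int(length)]
	sig := img[headerSize+int(length):]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, 0, ErrBadSig
	}
	if version < minVersion { // anti-rollback, checked only after the signature
		return nil, 0, ErrRollback
	}
	return signed[headerSize:], version, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed firmware payload") // constructed sample data
	good := BuildImage(priv, 7, payload)

	tampered := append([]byte(nil), good...)
	tampered[headerSize] ^= 0x01 // flip one payload byte after signing
	bumped := append([]byte(nil), good...)
	binary.LittleEndian.PutUint32(bumped[4:8], 99) // forge a higher version
	lying := append([]byte(nil), good...)
	binary.LittleEndian.PutUint32(lying[8:12], 1<<30) // length field overstates size

	cases := []struct {
		name string
		img  []byte
	}{
		{"valid v7", good}, {"tampered payload", tampered}, {"forged version", bumped},
		{"lying length", lying}, {"truncated", good[:20]}, {"rollback to v6", BuildImage(priv, 6, payload)},
	}
	for _, c := range cases {
		_, v, err := VerifyImage(c.img, pub, 7) // device already runs v7
		fmt.Printf("%-17s version=%d err=%v\n", c.name, v, err)
	}
}
```

The order of the checks is deliberate: size and magic first so later slices cannot read out of bounds, then the length field against the actual image size, then the signature, and only then the version, because a version value that has not yet been authenticated is attacker-controlled. A glitch-resistant C implementation of the same logic would additionally re-check the signature result before jumping to the payload rather than relying on a single conditional branch.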

Hardware security measures, such as secure communication protocols and tamper-resistant hardware, can also help to prevent unauthorized access to the system. Using TLS (the older SSL protocol versions are deprecated and should be disabled) ensures that data transmitted between the embedded system and external devices is encrypted and authenticated, provided the device actually validates the peer certificate; a TLS stack with certificate checking turned off to save code size or to avoid provisioning a trust store gives encryption but no protection against a man-in-the-middle. Tamper-resistant hardware can include physical protection against tampering and hardware-based security measures such as secure elements or trusted platform modules, which keep private keys out of reach of the main firmware.


Often overlooked: Threat modeling

In a lot of embedded scenarios we need to make a trade-off between usability and a strong user experience (UX) on the one hand, and a high level of security on the other. Therefore it is important to do threat modeling alongside user experience modeling, so that security measures are chosen with their usability cost in view rather than bolted on afterwards.

Threat modeling is an essential consideration in the design and development of secure embedded systems. This process involves identifying potential threats and vulnerabilities that could impact the system, and implementing measures to mitigate or eliminate these risks. Threat modeling can be done at various stages of the development process, from initial concept to final deployment, and should be an ongoing process to ensure that the system remains secure over time. In order to effectively threat model an embedded system, it is important to understand the system's assets, such as services, devices, physical equipment, people, and data, and to consider the potential threats to these assets. For an embedded device, typical entries are an attacker with physical access to a debug port, extraction or modification of the firmware image, interception of the update channel, and abuse of the radio interface. This can involve analyzing threat taxonomies and risk scenarios to identify potential risks and prioritize them by impact and likelihood. By implementing appropriate security measures based on the results of threat modeling, developers can create more secure and reliable embedded systems that meet the needs of their users.

EU Governance Perspective: Massive changes ahead in the upcoming years

The EU is now focusing heavily on improving governance for embedded systems. While this is not going fast and might not yet cover all important aspects, it is important to consider governance considerations to ensure compliance with upcoming regulatory standards and protect against potential security risks. One significant regulatory change that will impact the design and development of embedded systems is the Radio Equipment Directive's delegated regulation on cybersecurity (Delegated Regulation (EU) 2022/30), whose requirements were originally set to apply from August 1, 2024 and have since been postponed to August 1, 2025. It applies to devices with wireless radio communications, including wireless internet of things (IoT) devices, and requires that they meet requirements on network protection, personal data and privacy protection, and fraud prevention (Articles 3(3)(d), (e) and (f) of the directive) in order to carry the CE mark and be sold in the EU. This means that many wireless IoT devices currently on the market can no longer be placed on the EU market after that date unless they are updated to comply with the new requirements.

In addition to the Radio Equipment Directive, the NIS2 Directive and the Cyber Resilience Act will also have significant impacts on the design and development of embedded systems in the EU. The NIS2 Directive, which member states had to transpose by October 17, 2024, requires medium and large-sized companies in certain sectors, such as electrical equipment manufacturing and the chemicals industry, to implement cybersecurity risk-management measures (in practice an information security management system along the lines of ISO/IEC 27001) and to report significant incidents. The Cyber Resilience Act, expected at the time to take effect in 2025-2026 and since adopted (it entered into force in December 2024, with its main obligations applying from December 2027), applies to all products with digital elements, including devices, software, and electronic and software components, and requires that these products meet new CE marking requirements for cybersecurity, including secure-by-default configuration, vulnerability handling and security updates during the support period.

Operational perspective on the railway and healthcare industries

From an operational perspective, both the railway and healthcare industries need to prioritize security and governance in the development of embedded systems in order to ensure the compliance and security of their operations.

One example of how threat modeling can be applied in the development of new embedded systems for the railway industry is the CENELEC Protocollo Vitale Standard. This standard is designed to ensure the security and reliability of operational technology (OT) systems in the railway industry, including industrial process measurement, control, and automation systems. Threat modeling these systems follows the same asset-centric approach described above: enumerate the assets (services, devices, physical equipment, people and data), work through threat taxonomies and risk scenarios, and prioritize the identified risks by impact and likelihood. Once potential threats have been identified, appropriate security measures can be implemented to mitigate or eliminate them. For example, the standard includes requirements for secure communication protocols, access control, and incident response planning, which help protect OT systems in the railway industry against cyber threats. By treating threat modeling as a governance requirement and implementing the resulting security measures, developers can create more secure and reliable embedded systems for the railway industry.

In the development of embedded systems for the healthcare industry, it is essential to prioritize security and governance in order to protect sensitive patient data and ensure the reliability and continuity of vital healthcare systems. This is especially important in the European Union, where the Radio Equipment Directive (RED) requires that devices with wireless radio communications, including many healthcare devices, meet the new CE marking requirements for cybersecurity. To meet these requirements and ensure the security and reliability of their embedded systems, companies should implement controls across three domains: people, processes, and technology. This can include building in-house cybersecurity expertise, investing in cybersecurity tooling and capabilities (static analysis and fuzzing in the build pipeline, a software bill of materials for each device, a vulnerability disclosure and patch process), and integrating security practices into all operations. By adopting a holistic approach to security and governance, developers can create more secure and reliable embedded systems for the healthcare industry that meet the requirements of the RED and protect sensitive patient data.

Less is More: reduce your attack surface

Keep in mind that an attacker only has to exploit one vulnerability to be successful, while your system must be protected against all of them. This is an unbalanced game. Therefore the best approach to security in embedded systems is to reduce the attack surface as much as possible: remove unnecessary code and interfaces (unused protocol handlers, debug shells, JTAG or SWD left enabled in production units), separate applications and functions using hardware or software partitioning (an MPU or MMU, TrustZone, or a separate microcontroller for the security-critical part), and apply principles such as least privilege and mandatory access control. While it may be tempting to deploy a monolithic system without further thought, it is important to carefully consider what is truly necessary and remove any component that is not. Always remember: it is not a matter of if, but when, an attack will occur, and being prepared and proactive is the key to minimizing the impact and protecting ourselves and our assets.

Further Reading

For further reading on the topics of security principles and governance considerations for embedded systems, check out the following resources:
