Linux, Cybersecurity and Protecting Industrial Control Systems

Large amounts of data pass through the internet every day from IoT controls and devices. When it comes to Linux IoT cybersecurity, the level of embedded security should be considered the highest priority.

A power plant at nightWhen it comes to Linux IoT cybersecurity, the level of embedded security should be considered the highest priority. Unlike a traditional client server system, the Internet of Things (IoT) is a transparent, mostly unmanned process; going for weeks or even months without any human intervention or monitoring.

The old saying “out of sight, out of mind” has an entirely different meaning when considering Linux IoT. Large amounts of data pass through the internet every day from IoT controls and devices. Oil and gas pipeline valves, power transmission switches and many other data types for industrial, commercial and personal controls travel hundreds or thousands of miles to keep our homes, the power grid, pipelines and businesses safe and secure every day.

A Linux IoT Cybersecurity Primer

To start, let’s review some IoT cybersecurity basics. First, most embedded systems are static, meaning they are deployed with operating system and applications contained in read-only memory. This protects these two areas from prying eyes or tampering hands, but it also leaves them vulnerable to outside tampering during system updates.

While updates may be distributed on read-only media, certain patches or updates may be provided through the internet, Wi-Fi or other wireless network protocols. Since many of these systems are in low-traffic areas, someone hanging around doing wireless eavesdropping may not be as noticeable in a rural area as they would be in a major city or town. Deploying and updating embedded Linux IoT systems can be a daunting task when the clock is ticking to fix a bug or provide a new major feature, so planning and security awareness always need to be the highest priority.

Next, embedded Linux IoT may not utilize traditional firewalls, opting instead for less expensive hardware that uses custom routing techniques and unique TCP/IP port usage. Since embedded Linux IoT networks usually carry much less traffic than a traditional data network, they may be on less expensive types of networks, such a mesh networks, custom wireless USB and Bluetooth. This means that traditional cybersecurity monitoring, defense and countermeasures are ineffective or don’t work at all.

Also, many of these systems have to integrate into existing embedded networks that have been around for many years, so legacy communications systems are highly likely to require support. Older technology is often the weakest link when it comes to cybersecurity. But replacing old technology with new can be expensive and time consuming and almost always.

The last point to consider is a rather hot potato. Embedded communications have been in place for more than 50 years. Most embedded systems are developed once and maintained for a lifetime. Embedded systems I developed in the early 1980s are still in place today with remarkably minor changes and enhancements.

The point is, these systems weren’t developed by IT departments because they are part of electrical and electronic engineering. Dishwashers, automobile computers and cellular towers all contain embedded processors, and two of the above have embedded Linux systems. And IT departments have never been involved with embedded systems development because they are much different, require much different skills and disciplines to develop, and are not maintained in the field by IT departments, but rather engineering groups.

Over time, retail IoT may become part of the IT department or IT may have some hand in the direction of cybersecurity on embedded systems. Or embedded cybersecurity may become a new field within embedded development departments, only time will tell. The point is, bringing cybersecurity to embedded Linux IoT will require thinking outside the IT box for solutions.

The Face of Cybersecurity in the Embedded Linux IoT World

Embedded hardware could be considered controlled access by today’s standards. When you need to replace a portion of an embedded control systems that is almost 40 years old and continue supporting legacy communications hardware, it can take a meeting of the minds. Generally, controlled access to legacy hardware and read-only portions of applications and operating systems prevents prying eyes and tampering hands from making backdoor changes.

Embedded Linux provides a plethora of state-of-the-art security, monitoring and secure point-to-point protocols to handle secure communications. Combining embedded Linux IoT with new state-of-the-art microcontrollers with built-in security provides a point-to-point solution that can encompass legacy non-secured microcontrollers.

The inherent security features of embedded Linux IoT have forced microcontroller manufacturers to include hardware security or lose large market segments. With that said, locking down embedded hardware from field changes will, for some time, continue to be the most effective way of dealing with malware and viruses that can get into the operating system or application layers.

Avoiding a Worst-Case Disaster on Embedded IoT

There are some true concerns and issues here, so let’s look at how embedded systems, good cybersecurity practices and Linux code portability come together to address these issues.

Physical security in a remote location is the first line of defense. Keeping all communications equipment under lock and key, away from physical and environmental harm is the first line of security. Remote embedded Linux IoT systems can easily be equipped with a physical tamper switch. Even a locked cabinet can have a sensor that monitors the cabinet opening and closing and can transmit an emergency message that the unit is being opened.

At this point, the server can simply shut down the remote sensor and control systems or transmit final sensitive data, format the media and erase OS and program memory, leaving the system fully disabled with no useful data until a technician has been dispatched to check out the problem.

Remote communications with the server(s) can be contained in encrypted wrappers that use a secure socket, virtual private network (VPN) or encrypted packets transmitted on special ports used only for this type of secure communications. The encryption techniques can be hardware, software or hybrid combinations that keep both data and control data secure, making deciphering it much more difficult. The harder it is to decipher messages and monitor communications, the more difficult it will be to infiltrate unnoticed and the less likely anything of use will be taken except for physical hardware.

Since Wi-Fi is being used for communications at the end of the physical data journey, adding encrypted passkeys and not broadcasting SSID information makes it only accessible to those who are already aware of the network’s presence.

Cybersecurity Customization with Linux

On new embedded Linux IoT networks, using standard forms of software cybersecurity allows for more customization. For example, using a VPN connection between the embedded server and the sensor data collector/controller allows the hard coding of the IP address, SSID and WPA key(s). Take this one step further, and these keys can be retained using special encryption techniques, including public/private encryption practices. And modifying the same source with custom techniques and processes allows the same code to be reused by adding a new cross-platform compiler and architecture. Building custom cybersecurity applications can be done all at once, tested, debugged and deployed.

The same holds true for locking down the server application that collects sensor data and does sensor control and setup for embedded servers and clients. Once the applications have been debugged, a certificate for each can be created and authenticated for deployment.

Now when the application is executed, the program can be checked for authenticity and shut down before execution should the application be tampered with or replaced with a phony application. Updates and data can be scanned for malware and backdoor intrusions across all architectures and platforms.

These are just a few ideas, techniques and countermeasures that can be used for embedded Linux IoT. The numbers of solutions and techniques for how to address cybersecurity using embedded Linux IoT are endless.

Do you want to work on embedded systems? CompTIA Linux+ combined with CompTIA Security+ validates the skills needed to secure embedded systems. Download the exam objectives to see what the exams cover.

Leave a Comment