Edge device security is an increasingly important (but often overlooked) consideration in today’s connected world. As more physical assets are monitored by, controlled by or interacting with a growing number of stakeholders, the potential for malicious attacks becomes greater.
Although there is widespread understanding of the threat of cyber-crime in the personal and corporate worlds for those using cloud computing, the internet and social media, there is less awareness that an equivalent threat exists in the machine-to-machine (M2M) environment. This is despite a corresponding rise in the potential applications of edge intelligence as the Industrial Internet of Things (IIoT) becomes more pervasive.
All the technology needed to protect against attacks on data and communications networks already exists and is well-established in the IT and enterprise environment. However, too many users in too many industries still take minimal precautions to protect their edge devices and the assets connected to them. Part of the problem is that security is not ‘one size fits all’, which means the most suitable solutions can only be achieved through strong partnerships between end users and edge platform vendors.
Less proprietary, more connected
Historically, applications at the edge have tended to be concerned with protocol conversion, data filtering or data aggregation but today we are seeing the emergence of more advanced applications involving, for example, machine learning and edge inference. At the same time, industrial systems are becoming less proprietary and more connected and make greater use of mainstream internet technologies such as big data and artificial intelligence (AI). In this changing world, the edge has become much more than a relatively passive collector and translator of data. It is now the principal point of local control and decision making in such applications as intelligent factories, smart machines, infrastructure and transportation. This means ensuring the security of edge devices and the applications running on them must be the top priority in any M2M project.
Here are 11 essential security questions that every operator must ask themselves when working in a large-scale edge environment:
- can you reduce the physical attack vectors?
- can you detect unauthorised physical access?
- where/what is the root of trust?
- are keys generated and stored securely?
- can you employ remote attestation?
- have you encrypted everything you can?
- how do you lock down any BIOS or equivalent?
- can you secure the operating system?
- is secure boot implemented?
- what about the communications link?
- have you configured and optimised all available security mechanisms?
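Several of the questions above (root of trust, key storage, remote attestation, secure boot) come together in a measured-boot attestation exchange. The following Python script is an added illustration, not code from the original article or from any vendor it describes: it replays TPM-style PCR extension in software, has the device produce a quote over the PCR value and a verifier-supplied nonce, and has the verifier check freshness, the signature and the golden measurement in that order. The boot-chain blobs, the golden value and the attestation key are constructed for the example, and HMAC with a shared key stands in for the asymmetric attestation key a real hardware root of trust would hold.

```python
"""Simulated remote attestation of an edge device's measured boot.

Added example; not from the original article. PCR extension is done with
SHA-256 in software, and the attestation key is a shared HMAC key as a
stand-in for the asymmetric key a real TPM keeps on-chip. Firmware blobs,
golden values and the key are all constructed for this example.
"""
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed stand-ins for the boot chain stored on one edge device.
BOOT_CHAIN = {
    "firmware": b"vendor-firmware-v3.2",
    "bootloader": b"signed-bootloader-v1.7",
    "kernel": b"edge-kernel-6.1-lts",
}

# Constructed attestation key: provisioned into the device's root of trust
# at manufacture and registered with the verifier at enrolment.
ATTESTATION_KEY = b"\x13" * 32


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain: dict) -> str:
    """Replay measured boot: each stage extends the PCR before handing off."""
    pcr = b"\x00" * 32  # PCRs start at zero on reset
    for name in ("firmware", "bootloader", "kernel"):
        pcr = extend(pcr, chain[name])
    return pcr.hex()


def _quote_payload(pcr: str, nonce: str) -> bytes:
    return json.dumps({"pcr": pcr, "nonce": nonce}, sort_keys=True).encode()


def device_quote(chain: dict, nonce: str) -> dict:
    """Device side: sign the current PCR together with the verifier's nonce."""
    pcr = measure_boot(chain)
    sig = hmac.new(ATTESTATION_KEY, _quote_payload(pcr, nonce), hashlib.sha256).hexdigest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(quote: dict, expected_nonce: str, golden_pcr: str) -> str:
    """Verifier side: check freshness, then signature, then the PCR value."""
    if quote["nonce"] != expected_nonce:
        return "REJECT: stale or replayed quote"
    expected_sig = hmac.new(
        ATTESTATION_KEY, _quote_payload(quote["pcr"], quote["nonce"]), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return "REJECT: quote not signed by the device's attestation key"
    if quote["pcr"] != golden_pcr:
        return "REJECT: boot chain does not match golden measurement"
    return "OK: device booted the approved firmware, bootloader and kernel"


# Golden measurement recorded by the verifier when the device was enrolled.
GOLDEN_PCR = measure_boot(BOOT_CHAIN)


def attest(chain: dict, nonce: Optional[str] = None) -> str:
    """One full round trip: verifier picks a nonce, device quotes, verifier checks."""
    nonce = nonce or os.urandom(16).hex()
    return verify_quote(device_quote(chain, nonce), nonce, GOLDEN_PCR)


if __name__ == "__main__":
    print(attest(BOOT_CHAIN))
    # A modified bootloader changes every later PCR value, so the quote is rejected.
    tampered = dict(BOOT_CHAIN, bootloader=b"patched-bootloader")
    print(attest(tampered))
    # A quote captured in an earlier session fails the nonce check before anything else.
    old = device_quote(BOOT_CHAIN, "nonce-from-yesterday")
    print(verify_quote(old, "nonce-for-today", GOLDEN_PCR))
```

The ordering of the checks matters: the nonce is tested first so a replayed quote is discarded without touching the key, and the PCR comparison is only trusted once the signature proves the value came from the enrolled root of trust. On hardware without a TPM or equivalent, the device cannot produce the signed quote at all, which is the point of the article's closing caveat that not every option is available on every device.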
What an edge platform partner needs to offer
Much of the above may seem obvious, but many device manufacturers lack the experience, skills or partner connections to optimise configurations for many applications. Even fewer use these skills to co-operate with customers to develop optimal solutions for their specific systems and security policies, and fewer still have the ability to replicate and produce devices at scale with the agreed custom hardware and software configurations.
That’s why, for the best outcomes, it is crucial to get it right when evaluating an edge platform partner and to choose one that delivers a large proportion of the solution from within its own portfolio, without many different parties in the supply chain. The lower the number of suppliers involved, the lower the risk of interface problems, especially in terms of communications system components, sensors and sensor interfaces, or application-level frameworks and solutions.
In today’s increasingly standards-based, interconnected world, flexible and intelligent edge platforms provide application environments that could be shared between various departments, stakeholders and sometimes even different companies. Because these are subject to regular application and configuration updates, it is not enough for users to have remote access to application level functionality. Instead, it is vital that they can also access and interact with the underlying operating system, firmware and even ‘bare iron’ hardware elements to service ongoing flexibility and security requirements. More importantly, it is essential that these can be accessed remotely over a communications network in order to minimise the number of site visits required and to provide a mechanism by which security updates can be rolled out to a large number of remote sites in the shortest possible time.
That’s why an edge platform partner needs to offer the facility to remotely monitor, manage and maintain an installed base of tens, hundreds or even thousands of remote devices. A good remote monitoring solution will help to predict potential problems and raise alarms about emerging issues before they escalate and affect device operation. To prevent problems with bugs or hacks to software on devices, some form of out-of-band access is essential so that interaction is possible even if the operating system has crashed or a drive has failed.
Finally, while securing the edge is essential in an M2M world, it’s worth noting that depending on hardware, not all options will be possible for all devices.