
    How the Secure Development Lifecycle Can Help Protect IIoT Deployments

    January 22, 2019 (Updated: January 22, 2019)

    It’s Not Enough to Assume a Vendor Has Done Its Job When it Comes to Securing IIoT Devices

    As the process of digitization accelerates across all sectors, so too does the number of cybersecurity challenges that present themselves. Once perceived primarily as a challenge to engineering, corporate IT and consumers, it’s now a hot topic for all. From the healthcare and automotive sectors, to industrial control systems (ICS), building management or energy distribution, the growing fears that increasing network capabilities will lead to greater risk are very real and justified. More networked devices are finding their way into more systems, and the abilities of attackers are improving by the day.

    Over-exposure to cyberattack, however, is a symptom of a more fundamental problem that is common to all product areas, and there’s a solution which is the same for any industrial setting. Security considerations are not being taken into account early enough in the development of new products, leaving potential vulnerabilities to be fixed at a later stage when it is often too late. What is required is strict adherence to the principles and framework of the Secure Development Lifecycle (SDL) process.

    SDL is well understood and was first introduced to software engineering almost two decades ago, yet it is still notable by its absence in many new deployments of Industrial Internet of Things (IIoT) technologies, and in more general hardware development. It’s much more than a process, too. Having a mature SDL process is a key tool that vendors can use to demonstrate their products are secure by design. 

    To put it another way, SDL is key both to protecting industrial components and networks from cybersecurity risks, and improving the level of trust and confidence that users will ultimately place in them.

    What is SDL?

    SDL is a mature process for providing cybersecurity assurance. It’s a methodological process to identify and reduce potential threat vectors, based on detailed knowledge and understanding of how and where a product will operate. The latter is a particularly difficult task in the worlds that are opening up to connected devices, such as automotive, medical devices, building management systems and ICS, because they tend to be highly fragmented environments that have been expanded in an ad hoc manner over time. Consequently, it is not always clear at the outset where a product will be operational, and what other systems it will interface with.

    At its heart, SDL is simple to understand. It’s a strategic way of ensuring that assets are prepared for an attack, by baking security considerations into the design process at every stage of product development. It starts with a full and documented risk assessment even before an initial design document is produced.

    During the design process, a full analysis of the attack surface presented by the product should be conducted, along with threat modelling based on the context in which a device will be used.

    SDL means that developers should adhere to strict code guidelines – which means no more easter eggs or humorous comments/hints hidden in programmes. It also means that security testing (e.g. manual/automated code review) should be an intrinsic part of the regular quality assurance process, given the same priority as bug hunting and compatibility checks.

    Through careful and constant assessment right up to the point of deployment, SDL should ensure that there are no undocumented backdoors, that network interfaces are properly configured and that access to devices is strictly controlled. Continuous testing throughout the design process should include penetration testing, static analysis and “fuzzing”, a process that involves trying to overload systems with random data to look for weaknesses that might be exploited by hackers.

    Post-deployment, SDL should ensure that there are mechanisms in place for securely upgrading firmware, checking device integrity and monitoring for unusual behaviour – and the same continuous testing

    Why isn’t SDL universal?

    While there has been an improvement in many vendors’ approach to product design in recent years, SDL should incorporate the entire supply chain for a networked solution, and too often elements are left until later in the design pipeline, which leaves security bolted on as an afterthought. In the design of industrial equipment, physical safety has always been of paramount importance; today cybersecurity needs to be treated in the same way.

    There are three key reasons that this tends to occur: 

    Firstly, the primary motivation for product creators is getting a new technology to market. There’s always a push on the development team to meet certain deadlines, and KPIs are structured around these targets. This means that there is not always enough time to look at the security of what is being built in terms of software and hardware, and devices are pushed out before they are ready.

    Secondly, there is a cost factor to SDL. You need assurance reviews, better tooling and processes, specialised software and hardware, all of which has an associated cost. 

    And finally, there’s the issue of awareness and shortage of skills when it comes to developing the applications that underpin industrial hardware and the IIoT. A software engineer’s role is to build an application or system to specification. You can be a brilliant developer when it comes to writing code that executes quickly and meets the project requirements, but writing secure code is a skill set which isn’t as widespread. Developers don’t know what they don’t know – it’s difficult to ask for advice to fix potential security holes if they are not aware of the problems they may be creating.

    What’s the answer? SDL as competitive advantage

    Customers are aware of the risks around deploying new technology on their networks, and SDL should be seen as a key way for suppliers to differentiate their offering. Using the language and processes of SDL to demonstrate mission readiness is a powerful sales tool, and responsible developers will invest in the best possible protection against the potential damage to revenue, reputation and operations that a cyberattack can cause, providing the benefits are clearly communicated.

    Likewise, for end customers SDL provides a toolkit for interrogating suppliers. They should look for vendors who can explain their implementation of SDL, and whose design departments are compliant with the ISA/IEC 62443-4-1/2 standards. For the last 12 years, the organization ISASecure has worked to certify ICS equipment that meets these standards and help customers understand what they mean. Likewise, suppliers of IIoT solutions should be familiar with the Industrial Internet Consortium’s (IIC) Internet Security Framework (ISF) document, and the Open Web Application Security Project, a forum for professionals who share information.

    And ultimately, customers should realize that it’s not enough to assume a vendor has done its job. Even if messaging is right, corners may have been cut. Customers should have their own resources on hand for regular testing and hardening of solutions over time.

    Put all of that in place and SDL becomes a vital tool for improving and communicating about security in IIoT deployments. Without it, we’ll just keep making the same mistakes over and over again.


    Jalal Bouhdada is Founder and Principal ICS Security Consultant for Applied Risk. He has over 15 years’ experience in Industrial Control Systems (ICS) security assessment, design and deployment with a focus on Process Control Domain and Industrial IT Security. Jalal has led several engagements for major clients, including many of the top utilities in the world and some of the largest global companies in industry verticals including power generators, electricity transmission providers, water utilities, petrochemical plants and oil refineries. He holds a B.S. degree in Security Assurance from Amsterdam University of Applied Sciences and is an active member of the Industrial Internet Consortium (IIC), ISA99, NEN, CIGRE and other professional societies.
