Embedded Design

Shaping applications with PSA Certified

25. März 2021, 14:30 Uhr | Simon Butcher, principal security engineer, Arm
IoT Security
© Preechar Bowonkitwanchai | shutterstock.com

Embedded IoT systems today are exposed to many different threats. These should already be considered during the development process. Standards are a great help here – for example PSA Certified.

Industry is being transformed by the large-scale integration of smart technology and cloud-based services. This trend, often called the Industrial Internet of Things (IIoT), promises enormous commercial and technical advantages, through greater flexibility, productivity gains and new business models. However, the increase in connectivity means greater exposure to network-based attacks, and the significant risk that industrial infrastructure may be vulnerable to attack.

While there is widespread adoption of connected devices, recent research which surveyed technology decision makers in the electronics industry, shows there is a gap between the perceptions of security implementation and the reality. While 61% say they are on track with security, less than half (47%) said they carry out a threat analysis in the design of every new product.

As we embrace these new technologies, it’s crucial that security is built in from the ground up to protect manufacturers and vendors from a set of risks that could affect both their reputation and bank balance. Collaboration will also be key, with 84% of tech decision makers showing interest in the development of an industry-led set of guidelines and processes to help build IoT security. This article details the security threats the IIoT faces and how initiatives such as PSA Certified can help secure connected devices, ensuring security is not a barrier to enabling the automated future of industry.

Anbieter zum Thema

zu Matchmaker+
Robot in a factory
Figure 1: A robot welds a component in a factory.
© Arm

Industry 4.0 has transformational potential

Historically, corporate IT systems have been separated from operational technology (OT), the networking and control systems used to manage industrial equipment itself. But this is changing. The IIoT is transforming industry, whether in manufacturing, chemical production or other industries, OT is merging with IT.

Equipment previously designed to have limited connectivity, is now being designed to connect to wider networks and cloud services, while systems in the factory and back office are merging to become ever more integrated.

The use of machine-to-machine integration, smart sensors, machine learning, and big data all combine to transform industry, and to make whole industries more efficient, productive, flexible, and capable of managing risk.

The bad news: Security challenges with connected devices

However, while the integration of devices and systems brings a great number of benefits, there are also security challenges that must be considered. Smarter factories and greater automation mean more networked devices, and a greater dependency between systems. This larger network offers a greatly increased attack surface.

The integration of OT and IT may also not be straightforward. Both have different lifecycles and operating environments. Laptops and servers may be routinely changed in offices every few years, but assembly line production equipment is not. Industrial equipment can be very long lived, and a failure to design security into devices from the outset could lead to costly mistakes. So, what are the security risks in factories that must be considered?

Supply Chain Risks Operational Risks Risk to Business

Counterfeiting and cloning

Intellectual Property theft


Remarking and recycling

Malicious manipulation of hardware, software or production processes



Unauthorized access







Corporate espionage


Supply chain risks

Supply chain risks focus on risks to the authenticity of your product, whether it concerns a product or material you are purchasing for your factory, selling to others, or simply using. Everything from high to small volume products, their service parts and components, can all be counterfeited, and even though it’s not physical, unauthorized servicing would also belong to this category.

A device's security also needs to be considered not just in operational use, but during its own manufacture and at end of life. Devices stolen during production or decommissioned should not be capable of being reused and this requires a secure lifecycle.

Operational risks

Operational risks are risks concerning the operation of automated equipment within a factory. Many businesses focus on delivery and production, and there may be little notion of security beyond physical security. Purchased equipment may be expected to work with minimal maintenance, as an assembly line stop can be very costly.

Manipulation of factory processes could halt production. An attacker may want to steal intellectual property, or commercial information about volumes produced, yield or production processes. Unauthorized access can come in many forms - from a busy factory manager who wants to tweak equipment to make it faster, unaware they may be turning off safety precautions, to employees with malicious intent.

Not everything that is configurable should be accessible and that is particularly true in equipment that must meet functional safety requirements, or where the product can pose a risk to the consumer, such as food or medicines.

Risk to business

The final column is about the risk to the business, with many already applying to corporate IT departments. By adding more technology to factories and increasing the level of automation and networking, we are introducing existing risks from IT into OT.

The attack surface is increased, and the opportunity to attack, regardless of motive, becomes much greater. It is a truism in software security, that an attacker will target the weakest point between themselves and their objective.

What’s the likelihood of an industrial IoT attack?

The reality today is that many industrial installations are vulnerable to basic attacks and wouldn't meet the security requirements of a modern IT department.

From a survey of the security of industrial control systems it was found that 84% of sites were remotely accessible by a remote management protocols, and 69% were passing passwords in plaintext across their networks.

This may be the risk, but what’s the reality and likelihood of an attack?

If a site can be accessible from the internet, it is open to a potential attack which could be due to a variety of reasons and motives. Over the last decade, there have been a series of incidents on industrial installations, some of which have been serious, sophisticated attacks with clear malicious intent. From Stuxnet in 2010 which demonstrated a very high level of sophistication, through to Triton most recently.

Ransomware has in recent years brought many companies to their knees and has shown that a vulnerable target can be exploited as a matter of extortion. Ransomware that has spread virally, intended to attack desktop infrastructure could have much more grave consequences for an industrial installation with functional safety objectives.

Network-based threats

Networked devices, particularly devices accessible from the internet, are exposed in many ways. The internet is inherently untrustworthy, and network traffic sent or received over it, is susceptible to eavesdropping, tampering, and impersonation if unsecured. With direct network-based access to a device, an attacker may be able to exploit vulnerabilities in a device to subvert it, and once an attacker has a presence on a device, they may be able to use it to scale their attack to other parts of the network. From this starting point, if an attacker can reach a device, and if the device is not properly secured, it may be possible to change or modify the device's firmware, configurations or stored data.

Software vulnerabilities are in essence defects that can be exploited by an attacker. When designing a device for security, it is always important to reduce the number of vulnerabilities that might be present. This can be done through best practice, such as careful management of the quality of the software and the management of security threats, be it through threat modeling, design reviews, or static source code analysis.

But you can never assume you will always succeed. Nobody designs or writes perfect software, so whilst it is important to minimize the risk of attack through reducing the possibility for a software defect, it is also important to design into a product how it will be handled if a security issue is found.

  1. Shaping applications with PSA Certified
  2. The good news: We have the tools to mitigate these security threats

Das könnte Sie auch interessieren

Verwandte Artikel

ARM Germany GmbH