Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Sorting Out Security: Making Sense of Today's Solutions

Security at the process level is essential to creating an immunity to the cyberattacks of tomorrow.
By Jothy Rosenberg
Jun 06, 2018

Today's cybersecurity landscape is confusing and difficult to navigate. There are thousands of vendors selling different flavors of security solutions for embedded systems and networks. Solutions range from antivirus software to encryption to intrusion-detection systems to compartmentalization, and beyond. All of the above have value in our war against cybersecurity threats, but what's the difference between them? And what are the best solutions to protect embedded systems?

The Big Problem
First, let's remember that one of the major reasons our systems are vulnerable is that they run software—and all software is flawed. On average, there are approximately 15 bugs per thousand lines of code, about 10 percent of which can be turned into exploitable vulnerabilities, according to Steve's Maguire's Writing Solid Code (Microsoft Press, 1993).

Network-based attacks can take over a device's processor by exploiting software vulnerabilities in the application or operating system. Threats include buffer overflow attacks, control-flow hijacking, and code injection; these three classes of attack combined represent 90 percent of today's network-based attacks.

So, which of the many different cybersecurity solutions available today will best protect embedded systems from attacks that prey on software vulnerabilities?

Cybersecurity Software
Cybersecurity software is, well, software. And because it's software, it's inherently flawed. Even modestly sized cybersecurity software totals up to one million lines of code. That's 1,500 exploitable vulnerabilities in software that is supposed to act as protection. More sophisticated intrusion-detection systems are ten times that.

Software has bugs, and layering buggy software on top of other buggy software is not a good idea. It just leaves companies and individuals more exposed.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations