An Approach to Embedded Device Analysis for Network Defense
Analysis and defense of embedded devices, including the Internet of Things (IoT), is not always straightforward for network defenders and incident responders. Embedded devices are found in networks large and small, new and established, and their presence is changing the threat ecosystem of a network. The CERT Coordination Center proposed an initial methodology, the first of its kind, for vulnerability analysis that can be applied to any embedded device in order to understand the threat and the impact to a network, and to best defend these devices on a network. This presentation walks through that methodology, which covers embedded device list curation and identification, information gathering, firmware analysis, web application analysis, mobile application analysis, hardware analysis, and finally vulnerability analysis. In addition to the methodology, we created an open source tool, called TROMMEL, to help incident responders, network defenders, and researchers during firmware analysis. The presentation discusses a streamlined and repeatable methodology that produces more comprehensive and actionable results when analyzing and defending embedded devices.
- Defining Embedded Devices
- Embedded Device Vulnerability Analysis Methodology
- Applying this Methodology to Network Defense
- Budget Concerns
- Current Work
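As an added illustration of the firmware-analysis step in this methodology (this is not TROMMEL's code and not CERT/CC's own), the following Python script walks an extracted firmware root directory, such as one produced by `binwalk -e`, and flags the indicators a first triage pass typically looks for: setuid and world-writable files, embedded private keys, accounts with empty or crackable password hashes, hardcoded credentials in configuration files, and startup scripts that launch network services. The indicator lists, the file-name heuristics and the sample filesystem it builds in a temporary directory are constructed assumptions for the example, not data from any real device.

```python
"""Triage an extracted embedded-device firmware filesystem for common
vulnerability indicators.  Illustrative example only: not TROMMEL and not
CERT/CC code.  Point triage() at a root directory produced by e.g.
'binwalk -e', or at the constructed sample tree from make_sample_tree()."""
import os
import re
import stat
import tempfile

# Indicator patterns: assumptions for the example, extend for your own fleet.
KEY_MARKERS = (b"-----BEGIN RSA PRIVATE KEY-----", b"-----BEGIN PRIVATE KEY-----",
               b"-----BEGIN EC PRIVATE KEY-----", b"-----BEGIN OPENSSH PRIVATE KEY-----")
CREDENTIAL_RE = re.compile(rb"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+")
NETWORK_SERVICES = ("telnetd", "utelnetd", "ftpd", "tftpd", "dropbear",
                    "sshd", "httpd", "lighttpd", "uhttpd")
MAX_READ = 1 << 20  # read at most 1 MiB per file for content checks


def check_shadow(data):
    """Yield findings for /etc/shadow or /etc/passwd style lines.
    Empty second field: no password at all.  A real hash: crackable offline,
    and usually identical on every unit shipped with this image."""
    for line in data.decode("utf-8", "replace").splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, hashed = parts[0], parts[1]
        if hashed == "":
            yield f"account '{user}' has an empty password field"
        elif hashed not in ("*", "!", "!!", "x"):  # locked, or shadowed ('x')
            yield f"account '{user}' has a password hash ({hashed[:4]}...) that can be cracked offline"


def triage(root):
    """Walk an extracted firmware root; return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue  # the link target is inspected when the walk reaches it
            if st.st_mode & stat.S_ISUID:
                findings.append((rel, "setuid binary: a bug here is a root-privilege escalation"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable file"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_READ)
            except OSError:
                continue
            if any(m in data for m in KEY_MARKERS):
                findings.append((rel, "embedded private key (shared by every unit running this image)"))
            if rel.endswith(("etc/shadow", "etc/passwd")):
                for f in check_shadow(data):
                    findings.append((rel, f))
            elif b"\x00" not in data[:4096]:  # crude "is this text?" heuristic
                m = CREDENTIAL_RE.search(data)
                if m:
                    findings.append((rel, "hardcoded credential: " + m.group(0).decode("ascii", "replace")))
                if name.startswith("rc") or name.endswith(".sh") or "init.d" in dirpath:
                    for svc in NETWORK_SERVICES:
                        if re.search(rb"\b" + svc.encode() + rb"\b", data):
                            findings.append((rel, f"startup script launches network service '{svc}'"))
    return sorted(findings)


def make_sample_tree():
    """Build a small CONSTRUCTED firmware root in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="fw_")

    def put(rel, data, mode=0o644):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)
        os.chmod(p, mode)

    put("etc/shadow", b"root:$1$abc$xyz:0:0:99999:7:::\nadmin::0:0:99999:7:::\ndaemon:*:0:0:99999:7:::\n", 0o600)
    put("etc/init.d/rcS", b"#!/bin/sh\n/usr/sbin/telnetd -l /bin/sh &\n", 0o755)
    put("etc/config.ini", b"[cloud]\npassword=Summer2019!\n", 0o666)
    put("etc/ssl/server.key", b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n", 0o600)
    put("bin/busybox", b"\x7fELF" + b"\x00" * 64, 0o4755)  # fake ELF header, setuid
    put("usr/share/readme.txt", b"nothing to see here\n")
    return root


if __name__ == "__main__":
    for rel, finding in triage(make_sample_tree()):
        print(f"{rel}: {finding}")
```

Each finding maps directly onto a defensive action rather than a research task: an embedded private key means the device's TLS or SSH identity is not unique and should not be trusted as one; a telnetd launched from rcS means the network needs a filter in front of the device regardless of what the vendor's documentation says; a crackable root hash means the same default credential is very likely valid on every unit of that model on the network.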
Civil Nuclear Power - The Cyber Security Perspective
The threat from cyber-attacks is increasingly perceived as a problem of national and international security: attacks grow in number and sophistication, and the perpetrators are no longer only private hackers or organized criminals but also nation states. Likewise, attacks once confined to standard computer systems, or information technology (IT), now extend to production systems, or operational technology (OT), with all the implications and potential consequences such attacks carry. To understand those implications and consequences for nuclear facilities, and in particular for nuclear power plants (NPPs), cyber security domains are introduced. These domains group the various types of computer systems into functional elements, which can then be understood in terms of their importance to an NPP. While the threat of cyber-attacks against the energy sector is real, the talk elaborates on cyber security threats by looking deeper into technology threats and threats stemming from systemic factors. It then discusses the widely used threat assessment model, the Design Basis Threat (DBT), and its limits when applied to cyber, and takes a view on risk modelling and risk mitigation. Cyber security has become an essential element of the overall security framework of nuclear facilities, and this emerging area is a growing priority for facility operators, national regulators and international organizations such as the International Atomic Energy Agency (IAEA). The talk concludes with the elements and requirements for cyber security in national regulation and in the operational governance of NPPs.
- Cyber security domains at nuclear facility
- Cyber security threats from nuclear perspective
- Nuclear threat methodology: Design Basis Threat
- Cyber vs physical threat model
- Nuclear cyber security regulatory framework
- Nuclear cyber security management