An Approach to Embedded Device Analysis for Network Defense

Kyle O’Meara

Analysis and defense of embedded devices, which include the Internet of Things (IoT), is not always straightforward for network defenders and incident responders. Embedded devices are found in networks big, small, new, or established, which is changing the threat ecosystem of a network. The CERT Coordination Center proposed an initial methodology, the first of its kind, for vulnerability analysis that can be applied to any embedded device, to understand the threat and impacts to a network, and to best defend these devices on a network. This presentation will walk through our methodology, which includes embedded device list curation and identification, information gathering, firmware analysis, web application analysis, mobile application analysis, and hardware analysis, and concludes with vulnerability analysis. In addition to the methodology, we also created an open source tool, called TROMMEL, to help incident responders, network defenders, and researchers during firmware analysis. This presentation will discuss a streamlined and repeatable methodology to produce more comprehensive and actionable results when analyzing and defending embedded devices.


  • Defining Embedded Devices
  • Motivation
  • Introduction
  • Embedded Device Vulnerability Analysis Methodology
  • Applying this Methodology to Network Defense
  • Budget Concerns
  • Current Work
  • Conclusion

Civil Nuclear Power - The Cyber Security Perspective

Guido Gluschke

The threat from cyber-attacks is increasingly perceived as a problem of national and international security as cyber-attacks grow in number and sophistication and as perpetrators are no longer only private hackers or organized criminals, but also nation states. Likewise, attacks once confined to standard computer systems, or information technology (IT), have now been extended to production systems, or operational technology (OT), with all the implications and potential consequences such attacks may carry. To understand the implications and consequences for nuclear facilities, and in particular for nuclear power plants (NPPs), cyber security domains are introduced. These domains group the various types of computer systems into functional elements, which can then be better understood in terms of their importance for an NPP. While the threat from cyber-attacks against the energy sector is real, cyber security threats are elaborated by looking deeper into technology threats and threats stemming from systemic factors. Furthermore, the broadly used threat assessment model Design Basis Threat (DBT) is discussed regarding its limits for cyber. A view on risk modelling and risk mitigation is taken. Cyber security has become an essential element of the overall security framework of nuclear facilities, and this emerging area is a growing priority for facility operators, national regulators, and international organizations such as the International Atomic Energy Agency (IAEA). It is focused on elements and requirements for cyber security in national regulation as well as operational governance for NPPs.


  • Cyber security domains at nuclear facility
  • Cyber security threats from nuclear perspective
  • Nuclear threat methodology: Design Basis Threat
  • Cyber vs physical threat model
  • Nuclear cyber security regulatory framework
  • Nuclear cyber security management

Recent News

June 26, 2018

We are happy to announce our first set of confirmed speakers for the 2018 COUNTERMEASURE IT Security Conference, which includes Scott Jones, Head-designate, Canadian Centre for Cyber Security and Assistant Deputy Minister for the Communications Security Establishment (CSE). Mr. Jones joins Imraan Bashir, Senior Director of Cyber Security within the Chief Information Officer Branch at Treasury Board Secretariat (TBS).
You can view their profiles and those of our other speakers here.

November 24, 2017

COUNTERMEASURE 2017 welcomed over 300 participants to discuss key topics in public sector IT security. We have posted most of the presentation slides here, and two of our most talked-about presentations are now available on our YouTube channel.

Kelly Shortridge - The Red Pill of Resilience

Frode Hommedal - The Cyber Threat Intelligence Matrix: Taking the Red Pill of Attacker Eviction

Cancellation Policy

Substitutions can be made at any time. Unfortunately, we cannot refund registration fees. Each course is subject to a minimum number of students. In the unlikely event that a course must be cancelled due to low enrolment, full refunds will be provided to registered students.

For more information on COUNTERMEASURE 2018, please contact us by email or on our office line at 613-725-2079.