How to ensure the interoperability of the various elements?
In both the civilian and military world, a custom-developed embedded system is often at the interface of standard elements, procured from various suppliers. It is therefore one of the roles of customisation to ensure that, despite their different origins and technologies, all the components of the system can safely interact with each other.
These communication and distribution units are therefore doubly critical: on the one hand, because they are essential to the proper functioning of the system and, on the other hand, because they are key components of cyber security. For each exchange, they are responsible for ensuring the identity of the sender and receiver, verifying their respective rights to share information and guaranteeing the integrity and confidentiality of the data exchanged.
The solutions for this are well known: white and black lists of users, digital certificates, unique physical addresses (Media Access Control), etc. However, in the embedded world, everything becomes more complicated because it is necessary to manage components, data and users that live side by side on networks without having the same levels of criticality or the same authorisations. In addition to performing the usual checks, the interconnection gateway must therefore be capable of differentiating rules and isolating flows. In the military world, or in certain sensitive activities, an additional difficulty arises because a single data flow may itself contain information of different formats and sensitivity. For example, a photo sent by a marine to his family could contain information on the ship’s time and location, with serious consequences. Through monitoring and filtering, the gateway must therefore prevent the leakage of sensitive data while allowing people and systems to access the open world as much as possible.
Multi-level, capable of differentiating and isolating flows while preventing data leakage, the communication gateway must be compatible with a maximum number of formats and protocols. It must ensure the interoperability of systems that can be extremely different and likely to evolve significantly, both in the short term (updates, replacement of components, etc.) and in the longer term (technological innovations, equipment modernisation, etc.). It is important to bear in mind that the lifespan of the systems concerned can be counted in decades, interspersed with missions that can last up to several months. Before embarking on such operations, it is essential to ensure that the replacement equipment is compatible with the cybersecurity rules implemented in the gateways to which it will be connected: white-listing, certificate validity period, etc.
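The pre-departure compatibility check described above can be sketched as follows. This is an added example, not Atos code: the class names, the finding labels, the 30-day overrun margin and all sample equipment are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Equipment:
    name: str
    mac: str                 # unique physical (MAC) address
    cert_not_before: date    # certificate validity window
    cert_not_after: date

@dataclass(frozen=True)
class GatewayRules:
    allowed_macs: frozenset  # gateway allow list, lower-case, colon-separated
    margin: timedelta        # assumed allowance for a mission that overruns

def normalise_mac(mac):
    """Bring a MAC address to the notation used in the allow list."""
    return mac.strip().lower().replace("-", ":")

def premission_findings(eq, rules, start, end):
    """Reasons the gateway would reject this equipment at some point in the mission."""
    findings = []
    if normalise_mac(eq.mac) not in rules.allowed_macs:
        findings.append("mac-not-allow-listed")
    if eq.cert_not_before > start:
        findings.append("cert-not-yet-valid-at-departure")
    # A certificate that is valid on the planned return date can still
    # lapse at sea if the mission is extended, hence the margin.
    if eq.cert_not_after < end + rules.margin:
        findings.append("cert-expires-before-return")
    return findings

# Constructed sample data (locally administered MAC addresses, invented dates).
RULES = GatewayRules(frozenset({"02:00:00:00:00:0a", "02:00:00:00:00:0b"}),
                     timedelta(days=30))
START, END = date(2030, 1, 10), date(2030, 6, 10)
FLEET = [
    Equipment("spare-console", "02:00:00:00:00:0b", date(2029, 1, 1), date(2031, 1, 1)),
    Equipment("replacement-radio", "02-00-00-00-00-0A", date(2029, 1, 1), date(2030, 6, 20)),
    Equipment("replacement-sensor", "02:00:00:00:00:0c", date(2030, 2, 1), date(2032, 1, 1)),
]

if __name__ == "__main__":
    for eq in FLEET:
        print(eq.name, premission_findings(eq, RULES, START, END) or "ok")
```

Running the check while the platform is still alongside leaves time to reissue a certificate or update the allow list without delaying departure.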
In the end, we find the same challenge at the level of communication gateways that is generally faced in the cybersecurity of embedded defence systems: finding the best compromise between security requirements, the many technical constraints and operational readiness. For example, it would be unthinkable that the execution of a security procedure, such as the updating of a white list, would delay the launch of a mission. In order to choose the most appropriate solution, it is therefore essential to take the exact measure of the risks upstream by considering all possible organisational, physical, hardware and software locks. For example, it may not be essential to over-secure the exchanges between the components integrated into a box if the box is practically inviolable and inaccessible from the outside. In the embedded world, more than anywhere else, cybersecurity remains above all a matter of balance.
Through the illustrations and focus of these different articles, we have addressed the various critical points and challenges that the development of an embedded defence system must respond to. With the rise of collaborative combat requirements and the rapid evolution of technologies, the need to cyber secure embedded defence systems is ever increasing.
Specialised in the design of embedded systems for defence platforms, the Air Land Sea electronics (ALSe) activity of the Atos Group develops methods and technological know-how to meet their specific cybersecurity challenges:
- comply with information systems security requirements;
- respect the specifications related to the constraints of critical environments;
- maintain the appropriate level of performance;
- guarantee the operational readiness of the systems to ensure that mission execution is not compromised.
About the authors
Norbert Di Costanzo
Chief Operating Officer and senior member of Atos scientific community
Norbert is Chief Operating Officer of Air Land Sea electronics solutions at Atos, a position he has held since 2012. Norbert is part of the Atos communities of experts specialised in advanced computing and hard/firmware.