To successfully build a system of connected devices for your customers, you must plan for security throughout the life cycle of the machines. After making your design decisions and securely configuring the devices, the final step is to ensure they are securely deployed and operated.
Rolling out a fleet of connected devices can be a complicated logistical exercise. Offering guidance and automation to streamline the installation will give your customers confidence and a smooth experience.
Here are some questions to consider when planning for deployment of the fleet:
- Is this a new set of devices or a retrofit to an existing system?
- Who will be physically installing the system (a technician or someone else), and will you need to create installation software to support them? Be sure not to leave default passwords in place!
- Is there any calibration or validation needed at installation time?
- If the devices do not work, is there guidance or troubleshooting available? Does it match the capabilities of the person installing the system?
- How will the devices be identified in the system – geographic location, address, serial number?
- How will the devices be authenticated? The systems need to know if an attacker is attempting to connect.
Whether your customers supply warehouses or way finders, hospitals or hotels, they will need to prioritize these four elements to efficiently and securely operate a system of connected devices.
Monitoring. Given the significant damage a malfunctioning device can do to the reputation and finances of your customers—not to mention the inconvenience to their customers—it is important to monitor the health of devices. Typically, they will send a regular “heartbeat” to the server with such data as free disk space, connectivity issues, and excessive restarts. More sophisticated systems can also alert for indicators of compromise, such as suspicious files and log messages or activity that may indicate an attack is under way.
Maintenance and updates. Providing software updates is a key requirement for keeping a system secure, especially when embedded devices are in remote places with potentially low bandwidth or a metered connection. We recommend the following approach:
- Disable the automatic update feature to avoid failures in the field caused by untested application configurations.
- Separate security updates from feature updates, and plan regular security updates.
- Monitor known common vulnerabilities and exposures (CVEs) and have a procedure in place for deploying patches quickly to reduce exposure.
- Either a) identify a small group of devices to use as a beta-test group to verify operations before pushing new updates out to the wider fleet or b) have a means for rolling back a failed deployment.
Troubleshooting. When devices or systems are not working as expected, remote connectivity and health information can sometimes be used to determine the cause of failure, such as full storage or out-of-date software. If the device is unresponsive to remote access, then the only option may be a costly truck roll. One design approach is to store a known good image on the device so that local staff can revert to it in an emergency. If a device is lost, stolen, or otherwise compromised, it must also be possible to revoke its access to the live system.
End of life. Eventually, in any system, components or software will reach the end of their support life, so it is important to plan ahead. Reaching end of support can often lead to new hardware requirements, and it is critical to fully decommission old devices. Unused “dormant” devices are a security weak point if left connected but unmonitored. Will there be any data that should be cleaned up? Any cloud or server infrastructure that should be removed?
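As an added illustration (not code from this article or from any product), the sketch below shows server-side triage of the heartbeat data described under Monitoring, and also flags devices that have gone silent and revoked devices that are still reporting, as discussed under Troubleshooting and End of life. The message layout, thresholds, and device IDs are assumptions made up for the example.

```python
from dataclasses import dataclass
# Thresholds are assumptions for this example, not values from the article.
STALE_AFTER_S = 900          # no heartbeat for this long => treat as silent
MIN_FREE_DISK_PCT = 10.0
MAX_RESTARTS_24H = 5

@dataclass
class Heartbeat:             # hypothetical message layout
    device_id: str
    received_at: int         # server-side receive time, epoch seconds
    free_disk_pct: float
    restarts_24h: int
    link_errors: int

def triage(inventory, revoked, heartbeats, now):
    """Return {device_id: set of findings} for devices that need attention."""
    findings, latest = {}, {}
    def flag(dev, msg):
        findings.setdefault(dev, set()).add(msg)
    for hb in heartbeats:
        if hb.device_id in revoked:
            flag(hb.device_id, "revoked device still reporting")
        elif hb.device_id not in inventory:
            flag(hb.device_id, "heartbeat from unknown device")
        elif hb.device_id not in latest or hb.received_at > latest[hb.device_id].received_at:
            latest[hb.device_id] = hb          # keep only the newest report
    for dev in sorted(set(inventory) - set(revoked)):
        hb = latest.get(dev)
        if hb is None:
            flag(dev, "never reported")
        elif now - hb.received_at > STALE_AFTER_S:
            flag(dev, "stale: no recent heartbeat")
        else:
            if hb.free_disk_pct < MIN_FREE_DISK_PCT:
                flag(dev, "low disk")
            if hb.restarts_24h > MAX_RESTARTS_24H:
                flag(dev, "excessive restarts")
            if hb.link_errors > 0:
                flag(dev, "connectivity issues")
    return findings

# Constructed sample data (device IDs and readings are made up).
NOW = 1_700_000_000
INVENTORY, REVOKED = {"kiosk-01", "kiosk-02", "kiosk-03", "kiosk-04"}, {"kiosk-09"}
SAMPLE = [
    Heartbeat("kiosk-01", NOW - 60, 42.0, 0, 0),     # healthy
    Heartbeat("kiosk-02", NOW - 120, 4.5, 9, 0),     # low disk, restart loop
    Heartbeat("kiosk-03", NOW - 7200, 55.0, 0, 0),   # silent for two hours
    Heartbeat("kiosk-09", NOW - 30, 70.0, 0, 0),     # revoked but reporting
    Heartbeat("rogue-77", NOW - 10, 70.0, 0, 2)]     # not in inventory
```

Using the server's receive time rather than a device-supplied timestamp keeps a device with a wrong or manipulated clock from appearing fresh.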
All connected devices face threats at every stage, from design to implementation to operations. Once deployed, they are active for long periods, often unattended and vulnerable to both physical tampering and cyberattacks. Moreover, as security guidelines get stronger in Europe, we anticipate tougher legislation in the United States as well.
For more details on how to give your customers the security they expect, we recommend reading our white paper: Designing and maintaining connected devices.
If you would like to learn more about how we can help you manage your connected devices, contact us and a Bsquare representative will get back to you.