Nearly 10 months ago, Intel acquired computer and software security software company McAfee. For many, this delivered a strong message about Intel's commitment to helping protect computing and embedded devices of all kinds from the ever-increasing cyber threats around us. According to an August 2010 Intel press release:
"The acquisition reflects that security is now a fundamental component of online computing. Today’s security approach does not fully address the billions of new Internet-ready devices connecting, including mobile and wireless devices, TVs, cars, medical devices and ATM machines, as well as the accompanying surge in cyber threats. Providing protection to a diverse online world requires a fundamentally new approach involving software, hardware and services."
At the time of the purchase, McAfee was known for its software-related security solutions, including end-point and networking products and services focused on helping to ensure Internet-connected devices and networks are protected from malicious content, phony requests and unsecured transactions and communications. For the embedded market, McAfee introduced in 2009 McAfee Embedded Security, a new spin on its former Solidcore product. McAfee Embedded Security is designed to enforce software change control policies and provide protection against existing and any unknown zero day polymorphic threats via malware such as worms, viruses, Trojans and buffer-overflow threats, etc. To do this, the product uses a mainframe technique known as whitelisting, which defines the actions allowed on a device. The product runs on a variety of Windows*, Linux*, and Solaris* platforms. Manufacturers announcing support of McAfee Embedded Security include NCR, NEC Infrontia, Sharp, Schweitzer Engineering Laboratories, Meridian, Clearwave, PFU and Sysmex.
The obvious question now for embedded developers is what else McAfee will add to Intel's full-on security push for the rapidly growing Embedded Internet. This is a terribly important question. For tens of thousands of reasons. The McAfee Threats Report: Fourth Quarter 2010 reports that the identification of new malware went from 16,000 per day in 2007 to 60,000 per day in 2010. And before you say that's just for personal computing devices and servers, consider this: today a person anywhere in the world can talk to an embedded device almost anywhere else. This creates opportunities for great services and experiences, but also exposes connected devices to malware from increasingly sophisticated adversaries. Consider Stuxnet, the worm that targeted embedded industrial controllers in an Iranian nuclear plant. I shudder to think of the damage malware attacks could inflict on embedded systems that control our food supply, transportation systems, healthcare delivery and electric power.
Thoughts like this lead me to be excited about a new partnership between McAfee and Wind River (a wholly owned subsidiary of Intel and an Associate member of the Intel® Embedded Alliance). The two companies are developing, marketing and supporting security solutions for non-PC devices. The first product of this partnership is the Common McAfee Agent (CMA) for Wind River Linux. CMA enables all devices to which it is connected to report into the McAfee ePolicy Orchestrator (ePO) console. This gives customers a complete picture from a single console of their security posture on all CMA-connected devices. This includes the usual servers desktops, laptops, mobile devices, and databases, plus – and here's the important part for all of us in the embedded world – devices running Wind River Linux. This means devices such as printers, SCADA systems, medical devices, POS systems, and much more.
With the CMA, policies and tasks can be pushed onto embedded devices and data captured and reported back to the central console. Using the ePO and CMA framework will make new McAfee security products easier to deploy and manage as they're introduced. It's an important first step to providing complete security on embedded systems. As more and more embedded devices are added to the network, CMA and ePO will help security administrators know if the devices have the appropriate level of security and help them control different policies on those devices. Add Intel® Active Management Technology (Intel® AMT) and its out-of-band capabilities to the picture and administrators will be able to perform these actions even if a device is turned off or no longer functional.
This is just the start. McAfee and Wind River will continue to collaborate to offer purpose-built security and management solutions for the burgeoning embedded market. The two companies are already developing whitelisting to prevent unauthorized applications from running against Wind River for Linux, as well as adding McAfee-provided network-access control functionality. Anti-malware will come later.
While the vast majority of known malware attacks are still oriented toward Windows-based operating systems, the hardening of an industrial operating system such as Wind River's will benefit infrastructure far less visible to the public. But no less important.
Have ideas for how to improve the security of embedded devices as billions more devices are connected to the Internet over the next five to 10 years? Let's hear them.
To view other community content focused on security, see “Security – Top Picks.”