Embedded systems are a 'life form,' says In-Q-Tel's security chief

CAMBRIDGE, Mass. -- Among the number of provocative points that Dan Geer, the CISO of In-Q-Tel, makes about embedded systems and supply chain risk, one stands out: The systems are immortal.

They are immortal in the sense that they can continue to function for years at an assigned task. "The longer lived these devices," said Geer, "the surer it will be that they will be hijacked within their lifetime."

"Their manufacturers may die before they do -- a kind of unwanted legacy much akin to superfund sites and space junk," said Geer. So something has to be done.

Geer raises the argument that embedded systems without a remote management interface, "and thus out of reach, are a life form," and "as the purpose of life is to end, an embedded system without a remote management interface must be so designed to be certain to die no later than some fixed time."

"Conversely, an embedded system with a remote management interface must be sufficiently self-protecting that it is capable of refusing a command," said Geer, speaking at The Security of Things Forum held here Wednesday. The event is organized by The Security Ledger.

"Inevitable death and purposeful resistance are two aspects of a human condition that I think we need to replicate" in these systems, said Geer.

In-Q-Tel is the U.S. intelligence community's venture funding operation. It searchers out start-ups with technologies that may help with national defense. Geer said he was speaking for himself at the forum.

The use of embedded systems are multiplying, thanks in part to the Internet of Things (IoT). Creating IoT-enabled devices involves taking either existing or new machinery of any type and equipping it with sensors, connectivity and some computing capability for a predefined task -- an embedded system. But IoT devices are also designed to communicate with other machines. Thus, the risk isn't isolated.

"As society becomes more technologic, even the mundane comes to depend on distant digital perfection," said Geer.

In terms of being more technologic, Geer points to the food pipeline, which he said has less than a week's supply in it. But everything in that pipeline depends on digital services, from GPS driven tractors, irrigation systems, robotic vegetable sorting, and RFID-tagged livestock as well as supply chain logistics.

Is all this technological dependency, said Geer, "making us more resilient or more fragile?"

An embedded system has a dedicated task and may be paired with an application-specific integrated circuit, and hardwired to do something specific. But they can also be paired with a more general purpose processor. It may include sensors and wireless radio. An embedded system may run machinery in any industry imaginable, as well as in public utilities. Their use is expanding as device makers seek to connect and control a wide variety of things.

The risk is that embedded systems are also part of technological monoculture. At one point that was Windows, but now the risk is in the smaller devices, argues Geer.

"That combination, long-lived and not reachable, is the trend that must be dealt with and possibly even reversed," said Geer.

"Whether to insist that embedded devices self-destruct by some predicable age or that remote management of them be a condition of deployment, is the question," said Geer.

He called it a national policy issue.

"In either case, the Internet of things, which is to say the appearance of network connected micro-controllers in seemingly any device that has a power cord or a fuel tank, should raise hackles on every neck give our current posture," said Geer.

At a separate panel that preceded Geer's talk, Stacy Cannady, who specializes in hardware security at Cisco, talked about IoT devices and listed some of the problems that need to be addressed, including what is the unique identity of devices, is there a way to establish some knowledge of the software and its configuration, and whether it can be trusted?

"We have a very basic set of problems to solve on a very large scale," said Cannady.

Patrick Thibodeau covers cloud computing and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov or subscribe to Patrick's RSS feed. His e-mail address is pthibodeau@computerworld.com.

See more by Patrick Thibodeau on Computerworld.com.

Read more about internet in Computerworld's Internet Topic Center.