Embedded Systems
Embedded Systems are computer systems that are built into other devices. Industrial machinery, appliances, and cars are all places where you may have encountered embedded systems.
Embedded systems are often highly specialized, running customized operating systems and with very specific functions and interfaces that they expose to users. Real-Time Operating System (RTOS) are often used when priority needs to be placed on processing data as it comes in. In an RTOS, repeated tasks are performed within a tight time boundary, while in a general-purpose operating system, this is not necessarily so. The same tasks are repeated one-after-another in a very routine way. You don’t want the security system to get in the way of the Real-Time Operating System. But you also want to be sure that the RTOS is secure. Examples of Embedded Systems are apple watches, stoplights, and medical equipment. But like always, there are specialized embedded systems to look out for. Common Constraints of Embedded systems include: Power, compute, network, crypto, inability to patch, authentication, range, cost, and implied trust. System on a Chip
Having a single chip that handles multiple functions on that single board is very common in embedded systems.
Common primarily because they’re something you can buy off the shelf. They’re very flexible in their capabilities. And you can customize the software to perform many different functions. Raspberry Pi
Raspberry Pis are single-board computers, which means that they have all the features of a computer system on a single board, including network connectivity, storage, video output, input, CPU and memory Can run a variety of OS like Linux and Windows. Raspberry Pi devices are more likely to be found used for personal development or small-scale custom use rather than in industrial or commercial systems.
Arduinos
Arduino is a microcontroller board, which is essentially an entire computer on a chip. It has a processing core, memory, and input and output controls all in one chip.
They include a lower-power CPU with a small amount of memory and storage, and they provide input and output capabilities. They are often used for prototyping devices that interface with sensors, motors, lighting, and similar basic capabilities. Unlike the Raspberry Pi, Arduinos do not have a wireless or wired network connection built into them, thus reducing their attack surface because they lack direct physical access.
Field-Programmable Gate Array (FPGA)
FPGAs are a type of computer chip that can be programmed to redesign how it works, allowing it to be a customizable chip.
FPGAs can be programed to perform specific tasks with greater efficiency than a traditional purpose-built chip. Systems may integrate FPGAs as a component in an embedded system or as the program processor inside of one. If an embedded system integrates an FPGA, you need to be aware that it could potentially be reprogrammed.
Supervisory Control and Data Acquisition (SCASA)/ Industrial control system (ICS)
SCADA is a type of system architecture that combines data acquisition and control devices, computers, communications capabilities, and an interface to control and monitor the entire architecture.
Also referred to as Industrial Control System (ICS) SCADA systems are commonly found running complex manufacturing and industrial processes, where the ability to monitor, adjust, and control the entire process is critical to success. All the equipment seen in a power manufacturing facility or a manufacturing floor can be centrally networked and controlled from one location: SCADA. Commonly seen in industrial and manufacturing, as well as the energy industry to monitor plants. These are not the kinds of systems that you would have directly connected to the internet, not only because it’s impractical, but it’s also insecure. SCADA is segmented off from the rest of the network. And you would have to go through some type of security controls just to gain access to the SCADA network. Supervisory Control and Data Acquisition (SCADA) also refers to large systems that run power and water distribution or other systems that cover large areas. A key thing to remember when securing complex systems like this is that they are often designed without security in mind. Facilities
ICS and SCADA can also be used to control and manage Facilities, particularly when the facility requires management of things like heating, ventilation, and air-conditioning (HVAC) systems to ensure that the processes or systems are at the proper temperature and humidity. Other Utilizations
SCADA is also used in Industrial, Manufacturing, Energy, and Logistics. Legacy SCADA environments, especially those that mix proprietary and open-source systems, present unique security challenges due to their often outdated architectures, lack of built-in security features, and the critical nature of the processes they control.
Here are security controls best suited for such environments:
Network Segmentation and Isolation: Physically or logically separate the SCADA network from other networks, especially the corporate network and the internet. Use firewalls and demilitarized zones (DMZs) to create barriers between the SCADA network and potential threats. Consider using unidirectional gateways (data diodes) to ensure that data can only flow in one direction, preventing potential external threats from reaching the SCADA network. Implement strict role-based access controls. Only authorized personnel should have access to the SCADA environment. Use strong, unique passwords and consider multi-factor authentication for critical access points. Internet Of Things (IoT)
The Internet of Things (IoT) is a broad term that describes network-connected devices that are used for automation, sensors, security, and similar tasks.
IoT devices are typically a type of embedded system, but many leverage technologies like machine learning, AI, cloud services, and similar capabilities to provide “smart” features Thanks to the advent of inexpensive computer chips and high bandwidth telecommunication, we now have billions of devices connected to the internet. This means everyday devices like toothbrushes, vacuums, cars, and machines can use sensors to collect data and respond intelligently to users. Sensors
Generally, sensors are used in the architecture of IOT devices.
Sensors are used for sensing things and devices etc.
A device that provides a usable output in response to a specified measurement. The sensor attains a physical parameter and converts it into a signal suitable for processing (e.g. electrical, mechanical, optical) the characteristics of any device or material to detect the presence of a particular physical quantity. The output of the sensor is a signal which is converted to a human-readable form like changes in characteristics, changes in resistance, capacitance, impedance, etc.
Smart Devices
Smart devices have the capability to connect to the internet, gather information and exchange data with other devices.
Wearables
Smart wearables collect and analyze data, and in some scenarios make a smart decision and provide a response to the user and are finding more and more applications in our daily life.
Facility Automation
Interconnected IoT smart devices are significant in enabling automation across industries. Industrial devices like sensors, connectors, actuators, IoT gateways, interfaces, motion controllers, lightbulbs, locks, etc., today, have the capability to share information about their condition and performance, while offering remote access and control. Combined with cloud computing and advanced data analytics, automation IoT software can manage these devices and learn to adapt accordingly to accommodate new ones as necessary.
Weak Defaults
Default weak passwords may the main obstacle for IoT.
Weak passwords can hurt any organization’s security efforts and make any device easily hackable, but a rising attack trend against IoT devices is one of the main security concerns. Poor security practices, including weak default settings, lack of network security (firewalls), exposed or vulnerable services, lack of encryption for data transfer, weak authentication, use of embedded credentials, insecure data storage, and a wide range of other poor practices.
Specialized Systems
Medical systems, including devices found in hospitals and at doctor offices, may be network connected or have embedded systems. Medical devices like pacemakers, insulin pumps, and other external or implantable systems can also be attacked, with exploits for pacemakers via Bluetooth already existing in the wild. Smart Meters are deployed to track utility usage, and bring with them a wireless control network managed by the utility. Since the meters are now remotely accessible and controllable, they provide a new attack surface that could interfere with power, water, or other utilities, or that could provide information about the facility or building. Vehicles ranging from cars to aircraft and even ships at sea are now network connected, and frequently are directly Internet connected. If they are not properly secured, or if the backend servers and infrastructure that support them is vulnerable, attackers can take control, monitor, or otherwise seriously impact them.
Voice Over IP (VoIP)
VoIP systems include both backend servers as well as the VoIP phones and devices that are deployed to desks and work locations throughout an organization. The phones themselves are a form of embedded system, with an operating system that can be targeted and may be vulnerable to attack. Some phones also provide interfaces that allow direct remote login or management, making them vulnerable to attack from VoIP networks. Segmenting networks to protect potentially vulnerable VoIP devices Update VoIP systems regularly. Apply baseline security standards for the device help keep VoIP systems secure.
Heating, Ventilation, Air Conditioning (HVAC)
These are usually very complex systems, especially when you get into larger environments. And they’re usually integrated with the fire system, as well. There are a lot of different components all working together to provide this HVAC functionality. It’s very common in large HVAC implementations to have a computer that monitors and maintains all of the HVAC for the facility. This would be a computer that would be able to monitor and even change the configuration in the heating and air conditioning systems. The same security mindset and policies apply to centralized HVAC computers. We want to make sure no one from the outside is able to get unauthorized access to these. Because if they do, they can turn off all of the heating, all of the air conditioning, and create, in some cases, very dangerous situations for the people in the building.
Drones
Drones and autonomous vehicles (AVs), as well as similar vehicles may be controlled from the Internet or through wireless command channels.
Encrypting their command-and-control channels and ensuring that they have appropriate controls if they are Internet or network connected are critical to their security. It’s very common to find security features and fail-safe functionality built into these drones. That way, if anything occurs while this device is in the air, you can get it back on the ground safely without harming anybody else who may be around.
Multifunction Printer (MFP)
Printers, including multifunction printers (MFPs), frequently have network connectivity built in. Wireless and wired network interfaces provide direct access to the printers, and many printers have poor security models. Printers have been used as access points to protected networks, to reflect and amplify attacks, and as a means of gathering information. Printers can be a major liability for data leakage if security isn’t enforced properly. They can be used as reflectors and amplifiers in attacks. Printers, scanners, copiers, and fax machines can store highly-sensitive information.
Surveillance Systems
Surveillance Systems like camera systems and related devices that are used for security but that are also networked can provide attackers with a view of what is occurring inside a facility or organization.
Cameras provide embedded interfaces that are commonly accessible via a web interface. it’s important to make sure that the proper security is put into the monitoring systems, so that only authorized users are able to see what the cameras are seeing. Use Firmware and security patches to keep surveillance systems protected.
Embedded Communication Considerations
With the increasing number of embedded systems that are being deployed, it’s important to know how these devices communicate to each other.
Many embedded and specialized systems operate in environments where traditional wired and wireless networks aren’t available.
5G
5G Cellular Connectivity can provide high-bandwidth access to embedded systems in many locations where a Wi-Fi network just wouldn’t work. Embedded systems that use cellular connectivity need to be secured so that the cellular network does not pose a threat to their operation. 5G can transfer data at speeds as high as 10Gigabits/sec; 100-900M/Bits on the slow end. IoT devices using 5G can transfer ridiculous amounts of data across their network and cloud; This causes significant security risk. Ensuring that they do not expose vulnerable services or applications via their cellular connections is critical to their security. 
2.6 Explain the security implications of embedded and specialized systems
