Topic 6B Flashcards

1
Q

Embedded systems

A

Specialized computing systems designed to perform dedicated functions or tasks within larger systems or devices. They are optimized for performance.

Used in various specialized applications, including consumer electronics, industrial automation, automotive systems, medical devices, and more.

2
Q

Embedded systems examples

A

Home appliances—Refrigerators, washing machines, and coffee makers contain embedded systems that control their functions and operations.

Smartphones and tablets—Contain a variety of embedded systems, including processors, sensors, and communication modules.

Automotive systems—Modern cars contain embedded systems, including engine control units, entertainment systems, and safety systems like airbags and anti-lock brakes.

Industrial automation—Embedded systems exist in control systems and machinery, such as robots, assembly lines, and sensors.

Medical devices—Pacemakers, insulin pumps, and blood glucose monitors contain embedded systems that control their functions and provide data to healthcare providers.

Aerospace and defense—Aircraft, satellites, and military equipment use embedded systems for navigation, communication, and control.

3
Q

Real-Time Operating Systems (RTOS)

A

a type of operating system designed for use in applications that require real-time processing and response. They are purpose-specific operating systems designed for high levels of stability and processing speed.

A security breach involving RTOS can have serious consequences. RTOS software can be complex and difficult to secure, which makes it challenging to identify and address vulnerabilities that could be exploited by attackers.

Another security risk associated with RTOS is the potential for system-level attacks. An attacker who gains access to an RTOS-based system could potentially disrupt critical processes or gain control over the system it is designed to control.

4
Q

Industrial control systems (ICSs)

A

provide mechanisms for workflow and process automation.

An ICS that manages process automation within a single site is usually referred to as a distributed control system (DCS).

Often used with infrastructure such as power and water supplies.

An ICS comprises plant devices and equipment with embedded PLCs. The PLCs are linked either by an OT fieldbus serial network or by industrial Ethernet to actuators that operate valves, motors, circuit breakers, and other mechanical components, plus sensors that monitor some local state, such as temperature.

5
Q

human-machine interfaces (HMIs)

A

Input and output controls on a PLC to allow a user to configure and monitor the system.

An HMI might be a local control panel or software running on a computing host. PLCs are connected within a control loop, and the whole process automation system can be governed by a control server.

6
Q

Programmable Logic Controller

A

a computer specially designed to operate reliably under harsh industrial environments – such as extreme temperatures and wet, dry, and/or dusty conditions

7
Q

data historian

A

a database of all the information the control loop generated.

8
Q

supervisory control and data acquisition (SCADA)

A

Takes the place of a control server in large-scale, multiple-site ICSs. SCADA typically runs as software on ordinary computers, gathering data from and managing plant devices and equipment with embedded PLCs, referred to as field devices.

SCADA typically uses WAN communications, such as cellular or satellite, to link the SCADA server to field devices.

9
Q

ICS/SCADA Applications

A

Energy refers to power generation and distribution. More widely, utilities include water/sewage and transportation networks.

Industrial can refer specifically to mining and refining raw materials, involving hazardous high heat and pressure furnaces, presses, centrifuges, pumps, and so on.

Fabrication and manufacturing refer to creating components and assembling them into products. Embedded systems are used to control automated production systems, such as forges, mills, and assembly lines. These systems must work to extremely high precision.

Logistics refers to moving things from where they were made or assembled to where they need to be, either within a factory or for distribution to customers. Embedded technology is used in control of automated transport and lift systems plus sensors for component tracking.

Facilities refer to site and building management systems, typically operating automated heating, ventilation, and air conditioning (HVAC), lighting, and security systems.

10
Q

How do industrial systems prioritize the CIA triad?

A

They tend to value it in the order of AIC

11
Q

Internet of Things (IoT)

A

Devices that can report state and configuration data and be remotely managed over IP networks.

12
Q

actuators

A

can perform actions based on data collected by sensors, such as turning on a light or adjusting a thermostat.

13
Q

Sensors

A

Detect changes in a physical environment

14
Q

Security risks of IoT

A

Many IoT devices are designed with limited processing power and memory, making it difficult to implement strong security controls.

IoT devices and protocols need more standardization. Compatibility issues can make integrating different IoT devices and services difficult. It can also make implementing security controls more difficult.

The large volume of data generated by IoT devices can make securing and protecting sensitive information difficult.

15
Q

Zero Trust

A

Assumes that nothing should be taken for granted and that all network access must be continuously verified and authorized.

Enables organizations to offer services based on varying levels of trust, such as providing more limited access to sensitive data and systems.

16
Q

Deperimeterization

A

refers to a security approach that shifts the focus from defending a network’s boundaries to protecting individual resources and data within the network.

This approach includes robust authentication, encryption, access control, and continuous monitoring to maintain the security of critical resources, regardless of their location.

17
Q

Trends Driving Deperimeterization

A

Cloud
Remote work
Mobile
Outsourcing and Contracting
Wireless Networks

18
Q

Key benefits of a zero trust architecture

A

Greater security
Better access controls
Improved governance and compliance
Increased granularity

19
Q

The following list outlines the essential components of a Zero Trust architecture:

A

Network and endpoint security—Controls access to applications, data, and networks.

Identity and access management (IAM)—Ensures only verified users can access systems and data.

Policy-based enforcement—Restricts network traffic to only legitimate requests.

Cloud security—Manages access to cloud-based applications, services, and data.

Network visibility—Analyzes network traffic and devices for suspicious activity.

Network segmentation—Controls access to sensitive data and capabilities from trusted locations.

Data protection—Controls and secures access to sensitive data, including encryption and auditing.

Threat detection and prevention—Identifies and prevents attacks against the network and the systems connected to it.

20
Q

Zero trust model fundamental concepts

A

Adaptive identity recognizes that user identities are not static and that identity verification must be continuous and based on a user’s current context and the resources they are attempting to access.

Threat scope reduction means that access to network resources is granted on a need-to-know basis, and access is limited to only those resources required to complete a specific task. This concept reduces the network’s attack surface and limits the damage that a successful attack can cause.

Policy-driven access control describes how access control policies are used to enforce access restrictions based on user identity, device posture, and network context.

Device posture refers to the security status of a device, including its security configurations, software versions, and patch levels.

21
Q

control plane

A

manages policies that dictate how users and devices are authorized to access network resources.

It is implemented through a centralized policy decision point. The policy decision point is responsible for defining policies that limit access to resources on a need-to-know basis, monitoring network activity for suspicious behavior, and updating policies to reflect changing network conditions and security threats.

22
Q

The policy decision point comprises two subsystems:

A

The policy engine is configured with subject and host identities and credentials, access control policies, up-to-date threat intelligence, behavioral analytics, and other results of host and network security scanning and monitoring.

The policy administrator is responsible for managing the process of issuing access tokens and establishing or tearing down sessions, based on the decisions made by the policy engine. The policy administrator implements an interface between the control plane and the data plane.

23
Q

Data plane

A

a subject (user or service) uses a system (such as a client host PC, laptop, or smartphone) to make requests for a given resource.

A resource is typically an enterprise app running on a server or cloud. Each request is mediated by a policy enforcement point.

The enforcement point might be implemented as a software agent running on the client host that communicates with an app gateway.

The policy enforcement point interfaces with the policy administrator to set up a secure data pathway if access is approved, or tear down a session if access is denied or revoked.

24
Q

implicit trust zone

A

The data pathway established between the policy enforcement point and the resource.

The goal of zero trust design is to make this implicit trust zone as small as possible, and as transient as possible.

Trusted sessions might only be established for individual transactions.

This granular or microsegmented approach is in contrast with perimeter-based models, where trust is assumed once a user has authenticated and joined the network.