Protecting embedded systems against hacking/cyber attacks

April 22, 2013 // By Graham Prophet
Quadros Systems and Icon Labs have launched a defence against cyber attacks; the Floodgate Packet Filter software adds security and firewall filtering to the RTXC Quadnet Ethernet-TCP/IP stack to protect industrial control and smart grid systems from cyber-attacks.

Icon Labs, a provider of embedded networking and security technology, and RTOS provider Quadros Systems have introduced Icon Labs’ Floodgate Packet Filter embedded firewall software for the RTXC Quadros real-time operating system.

Malicious attacks on Supervisory Control and Data Acquisition (SCADA) and other industrial control and smart grid networks are a major concern. These systems were not originally built to withstand the kinds of sophisticated cyber-attacks coming from hackers, criminal enterprises and even terrorists. Recently the Industrial Control Systems Cyber Security team noted that there are now several new, publicly available exploit tools that specifically target Internet-accessible industrial control systems and programmable logic controllers (PLCs). Targeted systems include those from Rockwell Automation, GE and Schneider Electric.

Floodgate Packet Filter adds firewall security to Quadros-powered devices to protect them from Internet-based attacks. The combined solution is designed to meet ANSI/ISA/IEC/TS 62443 standards for cyber security. It is designed explicitly for embedded devices with limited memory and processor speed that require a secure network implementation certified to standards such as ISA SP 99, compliance with which is measured by the Wurldtech Achilles Test Platform.

Floodgate Packet Filter has been used to provide security for industrial control applications, small-footprint industrial firewall appliances and MCU-based control devices. It provides Stateful Packet Inspection (SPI) and rules-based filtering to protect embedded devices from real-world cyber-attacks. Rules-based filtering uses white-listing and black-listing against criteria such as port number, protocol or source IP address. SPI provides dynamic packet filtering based on the state of the connection to a device.
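
The two mechanisms described above, sketched as an added example (not code from Icon Labs or Quadros; every type, name and the sample policy is an assumption): a default-deny whitelist on source network, protocol and destination port, plus a fixed-size flow table that admits other inbound packets only as replies to traffic the device itself sent. Flows are tracked by address and port pair only, without following TCP flags.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical types for illustration; not the Floodgate or RTXC Quadnet API. */
enum { PROTO_TCP = 6, PROTO_UDP = 17 };
enum verdict { DROP = 0, ACCEPT = 1 };
struct pkt  { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; int inbound; };
struct rule { uint32_t net, mask; uint8_t proto; uint16_t dport; };
struct flow { uint32_t peer; uint16_t lport, pport; uint8_t proto, used; };

/* Constructed policy: only 192.168.10.0/24 may reach TCP port 502 (Modbus/TCP). */
static const struct rule whitelist[] = {
    { 0xC0A80A00u, 0xFFFFFF00u, PROTO_TCP, 502 },
};
#define MAX_FLOWS 8                 /* fixed-size table, no heap use */
static struct flow flows[MAX_FLOWS];

static struct flow *find_flow(uint32_t peer, uint16_t lport, uint16_t pport, uint8_t proto)
{
    for (size_t i = 0; i < MAX_FLOWS; i++)
        if (flows[i].used && flows[i].peer == peer && flows[i].lport == lport &&
            flows[i].pport == pport && flows[i].proto == proto)
            return &flows[i];
    return NULL;
}

/* Record a flow the device itself opened; returns 0 when the table is full. */
static int track_flow(uint32_t peer, uint16_t lport, uint16_t pport, uint8_t proto)
{
    if (find_flow(peer, lport, pport, proto))
        return 1;
    for (size_t i = 0; i < MAX_FLOWS; i++)
        if (!flows[i].used) {
            flows[i] = (struct flow){ peer, lport, pport, proto, 1 };
            return 1;
        }
    return 0;
}

enum verdict filter_packet(const struct pkt *p)
{
    if (!p->inbound)                /* outbound: remember it so replies get in */
        return track_flow(p->dst, p->sport, p->dport, p->proto) ? ACCEPT : DROP;
    if (find_flow(p->src, p->dport, p->sport, p->proto))
        return ACCEPT;              /* stateful match: reply to a tracked flow */
    for (size_t i = 0; i < sizeof whitelist / sizeof whitelist[0]; i++)
        if ((p->src & whitelist[i].mask) == whitelist[i].net &&
            p->proto == whitelist[i].proto && p->dport == whitelist[i].dport)
            return ACCEPT;          /* rule match: whitelisted source and service */
    return DROP;                    /* default deny */
}
```

The same inbound UDP packet is dropped when unsolicited and accepted once the device has sent the matching outbound request, which is the behaviour a static port rule alone cannot express.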

RTXC Quadnet Ethernet-TCP/IP stack is a robust but small-footprint networking solution for network-attached devices and gateways. It was built specifically for the unique needs of embedded systems but with RFC-compliance and a Berkeley sockets API. The Quadnet stack already offers advanced authentication and encryption features for IP-layer security (IPsec/IKE) and application security (SSL/TLS). The Floodgate Packet filter