Cybersecurity and Cyber Resiliency: A Comparison
Posted 09/28/2021 by Mamta Gupta and Eric Sivertson
Lattice recently held a virtual seminar about cybersecurity-related challenges, opportunities, and the latest programmable logic solutions for the Communications market (if you’d like to see it, an archived version is available here). In the audience Q&A at the end of the event, we were asked to provide a clarification about the differences between cybersecurity and cyber resiliency. It’s a question we get asked often enough that we thought a blog explaining the difference between the two would be useful.
First, let’s establish what we mean when we say “cybersecurity” and “cyber resiliency.” For the purposes of this blog, we’ll keep it short. If you’d like to learn more about these concepts, check out one of our security whitepapers, Creating Cyber Resilient Embedded Systems and Securing the Supply Chain.
Cybersecurity - the technologies, processes, and practices that are employed to protect networks, devices, applications (programs), and data from cyberattack.
Cyber resiliency - the ability to continuously deliver an intended outcome despite adverse cyberevents such as cyberattacks. Cyber resiliency embraces information security, business continuity, and overall organizational resilience.
The key difference between the two has to do with what’s done AFTER a cyberattack is detected. While cybersecurity encompasses the concepts of threat detection and prevention, not all cybersecurity solutions enable systems to act on that knowledge in real time to mitigate the attack, remedy any ongoing security issues the attack has caused, and keep data traffic moving securely and without disrupting business. It’s the idea of real-time threat detection AND recovery that highlights cyber resiliency.
As we say in the whitepaper, cybersecurity is not an outdated concept. In fact, cybersecurity forms the foundation for cyber resiliency. But it has to be understood that cybersecurity, in its historic context, is not sufficient in and of itself. Let’s take a look at a real-world security example of a widely-used cybersecurity solution, the trusted platform module (TPM), to see how it protects systems and how it needs to be augmented to make a system truly cyber resilient.
The Trusted Computing Group says a TPM “is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys.” Last year, Microsoft improved upon the TPM concept with the launch of the Pluton security processor. According to Microsoft, “Pluton is an evolution of the existing Trusted Platform Module (TPM) you find in many modern computers. TPMs store security-related information about your operating system and enable features like Windows Hello.” With Pluton, Microsoft has integrated the functionality of a discrete TPM into the CPU to close off the avenue for attacks on the chip-to-chip bus interface between a TPM and a CPU placed separately on the motherboard. Microsoft says “devices with Pluton will use the processor to protect credentials, user identities, encryption keys and personal data.” Thus, Pluton security is targeted at the OS and application level and is protecting the user data and OS level keys. Pluton is a step forward in hardware security for cybersecurity, but how does it fit in the cybersecurity vs. cyber resiliency paradigm?
While Pluton is certainly a robust cybersecurity solution, it doesn’t protect a system during boot before the OS loads. That short window of time between when components on a motherboard are powered up from their firmware and when the OS loads and its cybersecurity measures are active is an attack vector of growing interest among today’s cybercriminals. To augment the security capabilities of a TPM like Pluton, systems also need to implement a Hardware Root of Trust (HRoT) with strong, dynamic, cyber resilient protections.
A HRoT boots a system in such a way that each mainboard component is only activated after its firmware has been confirmed to be valid. This validation is established by the HRoT; it checks itself to ensure it’s running valid firmware and holds other system ICs in reset mode until their firmware is cryptographically validated. It is essential to validate firmware before it is loaded into ICs, because malware-infected firmware can mask its presence from the operating system (OS). This could thwart TPM-based authentication as the TPM only becomes active after the OS boots. In addition to securely booting the hardware, the HRoT continually monitors a protected CPU’s non-volatile firmware against attacks. This hardware-level protection enables nanosecond responses to attacks, including Denial of Service attacks. If corrupted firmware is detected by the HRoT IC, it can quickly replace the corrupt firmware with the last known-good firmware, log the violation, and resume system operation uninterrupted and un-corrupted. That ability to resume normal operations quickly and unassisted is what makes a system cyber resilient.
To help developers maintain firmware security, the National Institute of Standards and Technology (NIST) published the NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193). The guidelines promote cyber resiliency by describing security mechanisms for protecting firmware against unauthorized changes, detecting unauthorized changes as they occur, and recovering from attacks rapidly and securely. PFR implementations require a HRoT capable of determining that all board-level components are running authorized firmware at boot.
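The detect-and-recover sequence described above, modeled in Python as an added example (not Lattice's code and not part of the original post). It assumes the HRoT holds a set of authorized SHA-256 digests in place of the signature check a real PFR design would perform; the `Component` and `HRoT` classes and the sample images are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

@dataclass
class Component:                      # hypothetical model of one mainboard IC
    name: str
    active: bytes                     # firmware in the IC's active flash region
    golden: bytes                     # last known-good copy in protected flash
    in_reset: bool = True             # held in reset until firmware validates

@dataclass
class HRoT:
    authorized: frozenset             # digests of firmware approved for this board
    log: list = field(default_factory=list)

    def is_authorized(self, image: bytes) -> bool:
        d = digest(image)
        # Constant-time comparison against every approved digest.
        return any([hmac.compare_digest(d, a) for a in self.authorized])

    def validate(self, comp: Component) -> bool:
        """Detect tampering, recover from the golden copy, then release reset."""
        comp.in_reset = True
        if not self.is_authorized(comp.active):
            self.log.append((comp.name, "active firmware rejected"))
            if not self.is_authorized(comp.golden):
                self.log.append((comp.name, "golden copy rejected, held in reset"))
                return False
            comp.active = comp.golden
            self.log.append((comp.name, "restored last known-good firmware"))
        comp.in_reset = False
        return True

def demo():
    # Constructed sample images; the tampered one has bytes appended.
    v1, v2 = b"bmc-fw v1 (constructed)", b"bmc-fw v2 (constructed)"
    hrot = HRoT(authorized=frozenset({digest(v1), digest(v2)}))
    bmc = Component("bmc", active=v2 + b"\x00tampered", golden=v1)
    released = hrot.validate(bmc)
    return released, bmc, hrot.log

if __name__ == "__main__":
    print(demo())
```

Calling `validate` again after boot models the continuous monitoring step: a component whose active image no longer matches an authorized digest is pulled back into reset and restored before it is released.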
Lattice MachXO3D and Mach-NX FPGAs help enable cyber resiliency by serving as the platform for a Hardware Root-of-Trust (HRoT).
When used together, HRoT solutions like our Lattice MachXO3D™ or Mach™-NX FPGAs and Pluton-based chips provide a robust security solution that begins the instant the platform is powered up and continues through the loading and operation of the OS. The combined solution protects systems at both the hardware and operating system levels, from the moment the first IC on the mainboard (the HRoT) powers up and throughout the system’s day-to-day operations. And if a system IC is interfered with by a bad actor attempting to install unauthorized firmware in an effort to exploit the system, the HRoT can spot the attack, effectively halt it, and have the IC boot from a previously known and authorized version of its firmware so system operation is uninterrupted. It’s the ability to detect and recover from a firmware attack that makes a system not only cybersecure, but cyber resilient, too.