Do Your Part. Be Cyber Smart.
Posted 10/22/2021 by Mamta Gupta
October is Cybersecurity Awareness Month! The Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) launched this event 18 years ago to raise awareness about the importance of cybersecurity and to ensure the country has the resources needed to help keep citizens safe and secure online. To continue to encourage individuals and organizations to take a proactive role in protecting themselves in cyberspace, the theme for this year’s Cybersecurity Awareness Month is, once again, “Do Your Part. Be Cyber Smart.”
The CISA Cybersecurity Awareness Month web page provides a wealth of resources to help individuals and companies better understand how to keep themselves protected in cyberspace; I highly recommend it to anyone looking to gain a better understanding of how to stay secure when online. Because the bad guys work tirelessly to develop new ways to exploit system vulnerabilities to gain access to sensitive data, cybersecurity is in a constant state of change. The CISA website is an important resource to those who want to stay informed about the latest cyberthreats.
An increasingly popular target for hackers is an electronic device’s firmware, and if you take a look at the definition of firmware by Techopedia, you’ll see why:
“Firmware is a type of software that is programmed directly into a piece of hardware. It operates without going through APIs, the operating system, or device drivers—providing the needed instructions and guidance for the device to communicate with other devices or perform a set of basic tasks and functions as intended.”
I added the italics to the definition above to draw attention to a key issue regarding firmware and cybersecurity. Since firmware operates independently of a device’s operating system, it’s not protected by the security measures most users are familiar with, including antivirus software. The reason is that when a system boots, system ICs load their firmware BEFORE the operating system is active. This gives hackers a window of opportunity to replace legitimate firmware with a malicious version that can be used to access data, hijack system resources, and insert malware or ransomware.
Fortunately, the tech industry does have a way to protect device firmware. The National Institute of Standards and Technology (NIST) created the NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193) to provide security mechanisms for protecting firmware against unauthorized changes, detecting unauthorized changes as they occur, and recovering from attacks rapidly and securely. PFR requires developers to establish a hardware root of trust (HRoT): a physical device capable of determining that all board-level components in a system are running authorized firmware at boot. More standards organizations and communities of interest are focusing on this resiliency concept, such as the Trusted Computing Group and the Open Compute Project (OCP).
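The detect-and-recover flow described above can be sketched in a few lines. This is an added illustration, not Lattice or NIST code: the `Flash` class, the component name, and the digest table are hypothetical, the images are constructed sample bytes, and a plain SHA-384 digest comparison stands in for the signed-manifest verification a real HRoT would perform. Write protection of the flash (the "protect" mechanism) is not modeled.

```python
import hashlib
import hmac

# Constructed sample image (not real firmware).
GOLDEN_IMAGE = b"\x7fFWv1.0" + bytes(range(64))

# Assumption: authorized digests are provisioned into the HRoT's protected storage.
AUTHORIZED_DIGESTS = {"bmc": hashlib.sha384(GOLDEN_IMAGE).digest()}


class Flash:
    """Hypothetical stand-in for a component's flash: active and recovery regions."""

    def __init__(self, active, recovery):
        self.active = active
        self.recovery = recovery


def is_authorized(component, image):
    """Detection: compare the image's SHA-384 digest with the provisioned value."""
    expected = AUTHORIZED_DIGESTS.get(component)
    if expected is None:
        return False  # unknown component: fail closed
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(hashlib.sha384(image).digest(), expected)


def boot_check(component, flash):
    """Decide what the HRoT does with one component at power-on.

    Returns 'release' (boot normally), 'recovered' (active image restored
    from the recovery region) or 'hold' (keep the component in reset).
    """
    if is_authorized(component, flash.active):
        return "release"
    # Recovery: restore only from a recovery image that itself verifies.
    if is_authorized(component, flash.recovery):
        flash.active = flash.recovery
        return "recovered"
    return "hold"  # nothing trustworthy to boot


if __name__ == "__main__":
    tampered = GOLDEN_IMAGE[:-1] + b"\x00"  # constructed: last byte altered
    flash = Flash(active=tampered, recovery=GOLDEN_IMAGE)
    print(boot_check("bmc", flash))  # active image fails the check and is restored
```

Note that the recovery image is verified before it is copied; restoring from an unchecked backup would simply move the problem to the recovery region.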
Lattice is committed to supporting industry adoption of PFR guidelines (you can read more about our efforts around PFR here) and has developed several hardware and software solutions to help customers simplify and accelerate the development of HRoT applications for the Communications, Computing, Industrial, Automotive, and Consumer markets.
Lattice Mach™-NX – our flagship low power FPGA for secure system control. Mach-NX leverages the high performance capabilities of the Lattice Nexus™ FPGA platform to deliver support for 384-bit cryptography (a requirement for leading next-generation server platforms).
Lattice MachXO3D™ – one of the world’s smallest low power FPGA-based HRoT devices for control and security.
Lattice Sentry™ Solution Stack – the Sentry solution stack is a complete PFR reference platform that includes fully validated IP building blocks, easy to use FPGA design tools, reference design/demonstrations, as well as a network of custom design services. The stack is compatible with both the Mach-NX and the MachXO3D FPGA families.
Lattice SupplyGuard™ security service – this subscription service provides Lattice customers with their own unique part numbers with corresponding encryption credentials for their Mach-NX and MachXO3D FPGAs. These measures help ensure Lattice FPGAs remain highly tamper resistant as they move through the global supply chain to prevent overbuilding, cloning, counterfeiting, and unauthorized hardware and firmware modification.
If you have questions about Lattice solutions for helping secure device firmware, submit your query here. And don’t forget to visit the Cybersecurity Awareness Month page to learn how to keep your online experiences safe and secure.