Lattice Blog

Our system is going under maintenance starting May 25, 2024 at 7:00 AM Pacific and ending May 25, 2024 at 1:00 PM Pacific. During this window, the website may not be reachable. For immediate assistance, please contact techsupport@latticesemi.com.

Share:

Cyber Resiliency Solutions and Supply Chain Protections for a Post-Pandemic World

Cyber Resiliency Solutions and Supply Chain Protections for a Post-Pandemic World
Posted 04/01/2021 by Eric Sivertson

Posted in

In March, I co-hosted a Virtual Seminar on Cyber Resiliency Solutions and Supply Chain Protections for a Post-Pandemic World. My co-host was Dave Sequino, who is CEO and Co-Founder of Integrity Security Services (ISS).

I started the proceedings by talking about the concepts of cybersecurity and cyber resiliency. A cyberattack is any attempt to expose, alter, disable, destroy, steal, or acquire information through unauthorized access to a computer or network. Cybersecurity refers to the technologies, processes, and practices that are employed to protect networks, devices, applications (programs), and data from cyberattack.

The problem is that cybersecurity on its own is no longer sufficient in today’s increasingly complex technological landscape. As an example, we discussed an occasion when cybersecurity failed involving the Danish shipping giant A.P. Moller-Maersk in 2017.

The unfortunate aspect to all of this was that Maersk had an extremely strong cybersecurity posture. The problem was that they were operating under the old paradigm of thinking that they weren’t vulnerable to attack because they had such high levels of cybersecurity. In reality, at some stage, every company is going to be attacked succumb to attack. It’s not a case of if, it’s a case of when.

The term cyber resiliency refers to a system’s ability to continuously deliver an intended outcome despite adverse cyberevents such as cyberattacks. What companies should be planning for is how to become more resilient to attacks and how to recover from attacks when they happen. The answer is to create systems that are cyber resilient from the ground (firmware level) up.

After introducing existing and emerging cyber resiliency standards, we discussed how to implement cyber resiliency using Lattice’s MachX03D™ and Mach™-NX FPGAs in conjunction with Lattice’s recently introduced software and services offering, the Lattice Sentry™ solutions stack. In addition to acting in a first on, last off role (supervising the powering-on/off and firmware loading of other components), these flash-based devices deliver a host of hardware security features -- like securely booting an immutable security engine -- that bring NIST-level security to embedded systems, thereby allowing them to act as the system’s hardware root of trust (HRoT).

As defined by NIST SP 800 193, platform firmware resiliency (PFR) involves protection, detection, and recovery. Protection includes protecting the platform’s firmware and critical data from corruption and ensuring the authenticity and integrity of any firmware updates. Detection includes cryptographically detecting corrupted platform firmware and critical data, both when the system is first powered on, while the system is running, and following any in-system updates. Recovery includes initiating a trusted recovery process and restoring any corrupted platform firmware and critical data to its previous value.

Lattice MachXO3D and Mach-NX FPGAs help enable cyber resiliency by serving as the platform for a Hardware Root-of-Trust (HROT)
Lattice MachXO3D and Mach-NX FPGAs help enable cyber resiliency by serving as the platform for a Hardware Root-of-Trust (HROT)

MachX03D and Mach-NX FPGAs address cyber resiliency requirements by providing features such as a secure dual-boot capability. Once the system is up and running -- compliant with NIST SP 800 193 Platform Firmware Resiliency (PFR) guidelines -- the MachX03D and Mach-NX devices continue to maintain cyber resiliency by protecting, detecting, and recovering themselves from malicious attacks. Furthermore, the massively parallel processing capability of their programmable fabric gives these devices the ability to protect, detect, and recover multiple other platform firmware elements at the same time.

Next, we focused on issues with the supply chain. The problem is that it’s hard to trust anyone these days, especially when some contract manufacturers are actively working with hackers to compromise products right at the beginning of the chain. We looked at a classic example of this in the form of Zombie Zero, which ended up breaking into the enterprise resource planning (ERP) systems of Fortune 100 companies around the world.

Component firmware is susceptible to compromise as soon as the devices leave the manufacturer
Component firmware is susceptible to compromise as soon as the devices leave the manufacturer

Even when hardware security modules (HSMs) are used to load encrypted software and cryptographic keys into components, problems can arise. In order to address this, we discussed how the Lattice Supply Guard™ supply chain security service ensures that MachX03D and Mach-NX FPGAs can be delivered to the manufacturer preloaded with a locking program and cryptographic key(s). This locking program disables all of the ports usually used to program the FPGA. The only way to program it is to load an encrypted image that contains the corresponding cryptographic key (the FPGA effectively acts as its own HSM). In addition to containing the payload program, this new image also contains its own instantiation of the locking program and a new cryptographic key(s). All of this sets the scene for what Lattice calls “Secure Ownership Transfer,” the main feature of which is that no one in the supply chain is ever provided with access to any of the cryptographic keys or unencrypted versions of the customer’s IP.

But Quis custodiet ipsos custodes? (“Who will guard the guards themselves?”). By this I mean who loads the original locking programs into the FPGAs? It was as this point that I handed over to Dave Sequino from ISS. These folks are end-to-end security experts who provide hardware- and platform-agnostic security solutions. In this case, ISS is in charge of loading the initial locking program and any associated cryptographic keys into the FPGAs, which are then shipped to the manufacturer. All of this is performed in special datacenters and secure infrastructures: 24x7x365 operations monitoring, redundant power supplies (on-site generators), multiple internet providers, and industrial cooling and fire protection. ISS data centers are one of the most protected structures for such efforts; truly a guns, guards and gates model of world class security.

Unfortunately, I’ve only touched on all the topics we discussed in the virtual seminar. If you want to learn more, you can watch an archived video of the seminar and you can peruse and ponder the associated Creating Cyber-Resilient Embedded Systems and Securing the Supply Chain whitepaper.

Share: