How Karamba XGuard can help you meet NIST cybersecurity guidelines
A quick look at recent NIST reports on cybersecurity reveals how Karamba’s Carwall and XGuard security suites can help systems and companies meet these federal guidelines for cybersecurity.
Cyberattacks on critical infrastructure are a growing threat to security, economy, and public safety in the United States. In the private sector, these attacks can scuttle the best-laid plans of companies toiling to improve their bottom line.
Concern about this growing specter led to the passing of the Cybersecurity Enhancement Act of 2014 by the US Congress, which provides for “an ongoing, voluntary public-private partnership to improve cybersecurity and to strengthen cybersecurity research and development.”
The law also tasked the National Institute of Standards and Technology (NIST) with creating cybersecurity risk frameworks to help companies and critical infrastructure operatives ensure that they maintain the necessary level of security.
In 2014, NIST published the report Framework for Improving Critical Infrastructure Cybersecurity”, a sort of itemized guideline for how operators can protect their systems. Those guidelines were updated in April 2018, and a few months later NIST published a new report outlining the safe practices for managing the world of Internet of Things (IoT) products and systems, entitled “Considerations for Managing Internet of Things IoT Cybersecurity and Privacy Risks.”
A quick look at both reports reveals how Karamba’s Carwall and XGuard security suites can help systems and companies meet these federal guidelines for cybersecurity.
In Framework for Improving Critical Infrastructure Cybersecurity, NIST presents a cybersecurity framework that is broken into three parts – the framework core, the implementation test, and the profile. The core section is further broken into five functions: Identify, Protect, Detect, Response, and Recover.
Detecting threat, analyzing risk
The “Identify” function includes the category “risk assessment,” which speaks directly to one of the main uses of Carwall and XGuard – identifying and documenting system vulnerabilities and spotting any “anomalies and events.”
In section DE.AE.2, the guidelines state that “detected events are analyzed to understand attack targets and methods,” and in the following section, DE.AE.3, it states that “event data are collected and correlated from multiple sources and sensors.”
Carwall and XGuard produce detailed logging and alerts which provide users with crucial information to help them understand and analyze events. These reports can help users better understand how they have been targeted, as well as where they need to shore up their defenses.
Verifying operational integrity
The framework states that cybersecurity measures should include integrity checking mechanisms that are used to verify software, firmware, and information integrity.
In section PR.DS-6, the guidelines state “integrity checking mechanisms are used to verify software, firmware and information integrity.”
This reads like a description of Carwall and XGuard’s Runtime Integrity platform, which allows applications and operating systems to self-protect against cyberattacks. The platform enables software integrity in runtime and builds a function calling graph that automatically detects legitimate binaries and hardens the system according to the “known goods.”
Identifying the challenges in IoT security
In the IoT report, NIST details the potential challenges involved in ensuring the security of individual IoT devices. These include the lack of built-in capabilities to find vulnerabilities on the device, the device’s failure to log operational and security events, and an inability to carry out internal detection controls.
Like with the cybersecurity framework report, Karamba’s security solutions provide an answer for each of these concerns.
Once embedded on a vehicle ECU or an IoT device, Carwall and XGuard constantly scan for exploitation attempts of hidden vulnerabilities and execute internal detection and prevention controls. They also make a detailed log of all security events. This can be a crucial step in helping clients understand and remediate their vulnerabilities, even though Karamba’s products can automatically prevent such vulnerability exploits at the gate.
Carwall and XGuard’s ability to automatically detect and prevent divergences from the factory settings is central to the partnership reached last month between Karamba and OS provider Wind River Systems Inc. By leveraging Karamba’s runtime integrity technology and Wind River’s Chassis portfolio of automotive software, this partnership will provide automakers with turnkey, embedded security solutions with low performance impact and little to no slow down in time-to-market.
Carwall and XGuard can also make a major contribution to “data security”, one of the categories within the protection function. The integrity checking mechanisms embedded on the security suites block attempts by attackers insert malicious code or malware, stopping attempts to seize devices and steal data – or worse.
The ever-evolving ecosystem of cybersecurity threats has in recent years sent governments and private industry scrambling to develop new methods to fight back, as well as new regulations and concepts to help get more people and systems prepared for the threats we now face. Karamba XGuard’s proven ability to embed cybersecurity solutions within connected systems makes it an ideal platform for business owners and critical infrastructure controllers facing this changing reality.