Recently, HP announced that it is integrating Karamba Security's XGuard CFI into its business printers to protect against zero-day vulnerabilities. This new layer, embedded into the most secure printer in the world, provides protection against return-oriented programming (ROP) attacks. In the highly exposed world of connected office printers, this security control decision is a very reasonable one.
However, CFI and other runtime-integrity mechanisms provide another key value: they turn unavoidable memory-safety weaknesses into unexploitable bugs and, as such, buy the supply chain valuable time to fix the underlying problems. In critical infrastructure this has great value because the "identify-patch-update" cycle can be very long: controllers can only be updated at infrequent maintenance windows (up to 2 years apart), and the manufacturer's firmware patching can itself take a long time given the extensive validation cycles required before a patch can be released. In such traditionally "slow" industries, from both the manufacturer's and the operating customer's perspective, a software integrity mechanism like CFI creates a critical time buffer that is highly appreciated.
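To make the point above concrete, here is an added example in C, written for this page and not Karamba's, HP's or any product's code. It shows the idea behind forward-edge control-flow integrity: an indirect call is only allowed to land on a function the program legitimately uses, so a function pointer that has been corrupted in memory becomes a refused call (a detectable bug) instead of a control-flow hijack. The handler names, the dispatch table and the "rogue" function are invented for the illustration; the corruption is simulated by reassigning the pointer, not by any exploit. Real CFI implementations instrument every indirect branch (and, for ROP, every return) at build time rather than relying on a hand-written allow-list, and coverage of the whole firmware image is what gives the protection its value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* A firmware-style dispatch: commands are routed through a stored
 * function pointer. Handler names are constructed for this example. */
typedef int (*handler_fn)(int);

static int handle_status(int x) { return x + 1; }
static int handle_reset(int x)  { (void)x; return 0; }

/* A function that exists in the binary but is never meant to be reached
 * through this dispatch path. It stands in for "somewhere the attacker
 * redirected the pointer to"; nothing here shows how that would be done. */
static int rogue_function(int x) { return x * 1000; }

/* The set of legitimate indirect-call targets for this call site.
 * A real CFI scheme derives this at build time; here it is hand-written. */
static const handler_fn allowed_targets[] = { handle_status, handle_reset };

/* Forward-edge CFI check: is fp one of the permitted targets? */
bool cfi_target_allowed(handler_fn fp) {
    size_t n = sizeof allowed_targets / sizeof allowed_targets[0];
    for (size_t i = 0; i < n; i++) {
        if (allowed_targets[i] == fp) {
            return true;
        }
    }
    return false;
}

/* Checked indirect call. When the pointer is not an allowed target the call
 * is refused: *blocked is set, -1 is returned, and control never transfers.
 * In firmware this is where a CFI runtime would log the event and reset. */
int dispatch_checked(handler_fn fp, int arg, bool *blocked) {
    if (!cfi_target_allowed(fp)) {
        *blocked = true;
        return -1;
    }
    *blocked = false;
    return fp(arg);
}

/* Walk through the scenario: a valid call, then a corrupted pointer.
 * Returns true when the corrupted call was blocked and the valid one ran. */
bool demo_corrupted_pointer_is_blocked(void) {
    struct { char name[16]; handler_fn fp; } ctx = { "status", handle_status };
    bool blocked;

    int ok = dispatch_checked(ctx.fp, 41, &blocked);      /* 42, not blocked */
    if (blocked || ok != 42) {
        return false;
    }

    /* Simulated memory corruption of the stored pointer (direct assignment,
     * standing in for whatever memory-safety bug would have overwritten it). */
    ctx.fp = rogue_function;
    int r = dispatch_checked(ctx.fp, 41, &blocked);       /* -1, blocked */
    return blocked && r == -1;
}

int main(void) {
    bool result = demo_corrupted_pointer_is_blocked();
    printf("corrupted pointer blocked by CFI check: %s\n", result ? "yes" : "no");
    return result ? 0 : 1;
}
```

Note what the check buys the defender: the memory bug that corrupted `ctx.fp` still exists and still needs a patch, but until that patch ships the worst outcome is a refused call and a log entry rather than arbitrary code execution, which is exactly the time buffer the paragraph describes.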
The value of software integrity has not escaped the standards bodies: a requirement for such a mechanism exists in IEC 62443-4-2 CR 3.4. There are a few technologies that address it, such as ASLR and the stronger CFI, but until today implementing CFI in firmware was a daunting task. Now a commercially available off-the-shelf solution, Karamba's XGuard, is already protecting millions of SolarEdge inverters that are connected to the national grid. This security mitigation pushes the envelope of security innovation and allows critical infrastructure to use such important security controls. It provides zero-day protection, and it also buys R&D and customers the time to patch for security in an orderly and efficient manner. Karamba's XGuard can be integrated into any firmware and multiple CPU architectures – from bare metal to embedded Linux – offering product designers and security architects the flexibility to decide how to implement specific controllers and apply the protection across product lines.
As critical infrastructure becomes more diverse, with Distributed Energy Resources (DER) and an expanding supplier ecosystem, along with the growing risk of sophisticated attackers eyeing this space, it is expected that agencies like CISA will push for the implementation of specific strong security controls. Leveraging existing standards, or expanding on them, can bring to a national grid the innovation needed to always stay one step ahead of attackers.