Cost of security

By Alex Wilson

Wilson_lg Having read Paul Parkinson's blog about  the UK National CyberSecurity Strategy, it was interesting to read this article on the US government moves towards cloud computing. I have always been surprised by the seemingly complacent attitude towards security, especially with our approach of downloading daily patches and security fixes to the variety of software installed on our PCs. In the article Rob Housman agrees with this and stated "that now is the time when the government should be putting an emphasis on security and safety rather than saving money and going for the tried and true “hack and patch” approach when problems arise."

Of course, Wind River has been presenting its security technology, Wind River VxWorks MILS Platform for a few years now. In the presentation "New Capability for the Warfighter – Multilevel Secure Systems Based on a MILS Architecture" which we created with our fellow members at The Open Group Real Time & Embedded Systems Forum  we have long been evangelising the robust partitioning approach. This concept allows the system architect to divide the system into security components that are independently designed, built and tested. This approach allows for the higher security component to be tested with much more rigour at a much more reasonable cost than previous generations of monolithic computer systems.

If you want to learn more about the foundational capabilities of Wind River VxWorks MILS then read the High Assurance Systems Development using the MILS architecture white paper written by Paul Parkinson and Arlen Baker.

Why is security suddenly becoming such a big issue? It is because more and more of our systems are becoming connected. In the drive to provide M2M capability and connect everything to the net we sometimes forget the security implications of doing this. This is mainly because these legacy systems have been designed and built for a single purpose, not as part of a connected world. As we move systems from legacy air-gap security environments, into the "cloud" we need to update them and provide security as an additional requirement.

I know in the defence world, our customers are taking security very seriously, and that systems are being designed with more and more of a security requirement – I just hope that the current defence budget cuts around the world do not lead to reductions in these security requirements; I would hate to think that hackers could take control of some of our more advanced weapons systems and turn them on us…