Testing Against Cyber-Attacks with Simulation Technology

Cyber-security is often a story of the “weak link.” The following two recent cyber-security events involving USBs brings to light the importance of testing the system against cyber-attacks to eliminate this type of risk.

• The US Secret Service identified that a supposed foreign agent was using a USB key to upload malware into the IT infrastructure of President Trump’s resort in Florida

• In my home country of France free USB keys were distributed via direct mail as part of a marketing campaign, which contained viruses

While these two examples addressed consumers, the same scenario can occur in critical infrastructure sectors, which could lead to large scale catastrophes, putting lives at risk.

Protecting critical systems from network-borne threats and preventing the deployment of infected systems are priorities for both government and industry. Technologies are available today that can give security engineers a considerable advantage in combating threats.

A flexible and effective option is to use virtual hardware and full system simulation technology. There are two advantages to using virtual hardware and simulation:

1. Tests can be performed that are not possible on physical hardware—for example, “tricking” malware into behaving in certain ways, thereby exposing itself and making it impossible to hide.
2. A virtual cyber range can be created, fully scaled out as much as necessary, with all the variants needed to explore the systems, and accessible by any engineer on the cyber research and development team.

Wind River Simics exemplifies this type of technology. Simics is a full system simulator; it simulates not only processors and boards, but complete networked systems, on which the full software stack runs unmodified, including the BIOS, firmware, operating system, and software applications. Simics virtual platforms simulate target hardware on which the software is intended to run. It has proven to be an effective cybersecurity research and development tool across critical infrastructure industries.

I’ll use the USB scenario as an example of how a user could evaluate the impact of plugging a USB key into a system without taking the risk to not only crash their IT, but compromise their entire system. Simics can be used to create a digital twin of the IT or OT system with a functional simulator and use passthrough technology to connect the physical USB key to the physical US PC socket to run the system in a virtual PC. Because the system is running in a virtual environment where you have control over time and event, you can trace what is going on, debug, inspect and even run backwards in time to develop fix and test again. All of this is being done in a single standalone PC…pretty cool!

A fun comparison is a video game…simulation technology provides you with multiple lives/chances so you can crash and crash again (if necessary) unscathed! Back before cyber-attacks were as prevalent as they are now, our Simics mantra used to be, “Don’t resist, you will be simulated.” Nowadays it’s, “Don’t fear, dare and simulate!”

To learn more about creating effective security with simulation technology/Wind River Simics, check out our white paper, “Cybersecurity and Secure Deployments.”