With the proliferation of the Internet of Things (IoT) and increased access to worldwide mobile networks, there are more devices online than ever before. The Cisco Visual Network Index (VNI) forecasts approximately 26 billion connected network devices by the year 2022, with video comprising 82% of all IP traffic. Bandwidth growth and low-latency performance demand will push operators to expand their service network infrastructure. This expansion may sometimes involve less-secure locations, creating greater risk to the network operation.
Security is taking on greater importance. Securing the network is paramount because service providers operate critical infrastructure supporting healthcare, finance, utilities, and governmental systems. If the network for any, or all, of these sectors was subject to a cyberattack, the effects could cripple emergency operations or even a national economy.
An emerging threat area is exploits deployed in physical hardware components. The Cisco 2018 Annual Cybersecurity report found cybercriminals exploiting supply chain vulnerabilities for hardware components or software. Attackers reportedly insert vulnerabilities into the hardware during the manufacturing process. Once the device is online, malicious actors then operate from within the network and gain access to valuable data and network controls. It’s essential for operators to expand their security policies to review hardware and software vulnerabilities and find new ways to validate the integrity of those systems.
The impact of supply chain attacks is massive and remains undetected for quite some time. Curbing supply chain attacks will require operators to work with vendors who:
- Issue Common Vulnerabilities and Exposures (CVE) reports
- Have a comprehensive supply/value chain security program to protect their systems from compromise
- Are capable of quickly addressing any system level vulnerabilities
Additionally, those vendors must provide ways for service providers to validate the integrity of the hardware against malicious code so service providers can trust their devices will securely support the critical infrastructure needed today.
A critical step in operating resilient networking solutions is building hardware from the outset with embedded security features. Cisco designs routers with foundational security capabilities to verify devices for authenticity and integrity. This verification offers evidence that network devices are operating as intended and are unaltered from their manufactured state. The idea is similar to Design For Testability (DFT) and Design For Manufacturability (DFM). Cisco builds routing platform products on a trustworthy framework from concept to production and gives service providers tools needed to operate secure critical infrastructure.
Routing platforms utilize a Trust Anchor module to implement and support a number of security features in a standards-based way. The Trust Anchor module enables the following security features:
• Secure boot and image signing: The design of the hardware-anchored secure boot process ensures that only genuine, unmodified code can boot on the platform. This creates a chain of trust from the micro-loader to the operating system, which establishes the software authenticity and integrity. All signatures are verified using keys securely stored in the Trust Anchor module (TAm) at manufacturing time. If any of the digital signature checks fail, the device will not allow the software to boot.
• Run-time defenses: Integrity Measurement Architecture (IMA) assures that executables preparing to load have not been modified from their original form. IMA maintains a run-time measurement list anchored in the TAm, with an aggregate integrity value over this list. The benefit of anchoring the aggregate integrity value in the TAm is that any software attack on the measurement list would be detectable.
• Supply chain security (Cisco Chip Protection): Cisco Chip Protection is applicable to all Field Replaceable Units (FRUs). An imprint database is a master list within the (TAm) that stores the unique identification of Cisco Application-Specific Integrated Circuits (ASICs), Central Processing Units (CPUs), systems on a chip, and other devices with their types specific to a board. If the observed identification does not match the imprint database, then it is an indication of breach and reported to the host for appropriate action.
Cybersecurity is a growing challenge for global service providers across who want to offer trusted networks for critical infrastructure services. We take unprecedented steps to address this challenge using a trustworthy framework based upon the Cisco Secure Development Lifecycle. Security is the cornerstone of our development strategy and we develop features that allow only verified, authentic components, software, and hardware to operate.
To learn more about our trustworthy hardware, please visit the Built-in-Trust page.