This incident was an eye-opener for businesses and after this a number of simple measures were identified and implemented to prevent any future incidents. Any one of these measures might have helped avert such a largescale data security catastrophe, or at least minimized the damage.
1. System Virtualization, this would ensure that the HVAC system is isolated from the corporate network, thus closing a fairly easy access point.
2. Device ﬁrewalling might have prevented access to the POS devices, and the devices could have been programmed to accept only recognized, trusted code making it more challenging for the intruders to gain unauthorised access.
3. Encrypting the application binaries running the devices would have made reverse engineering more difﬁcult, if not impossible.
4. With proper access controls to sensitive processes, the operating system could have restricted speciﬁc tasks to speciﬁc users, preventing unauthorized users from extracting transaction data from the devices and blocking data from transmitting out of the network.
5. Health monitoring might have enabled IT operators to detect anomalies in device behavior and improved chances of detection before the attack did serious damage.
Such preventive measures apply to any type of device that an attacker may want to target. Security does not always require preventive measures at every point of vulnerability. Often it makes sense to start with a few measures to secure the device for deployment, and then add security functionality as you progress through the device lifecycle. You can achieve this with an operating system that allows you to scale and add features over time as new threats become apparent.
As a pioneer in embedded operating systems, Wind River understands what it takes to ensure functional safety in trusted devices, delivering software that performs tasks on which everyday lives depend. Often the only difference between safety and security considerations is the intent behind them. Wind River is uniquely positioned to implement and deliver security for IoT because of where our products reside in the device software stack. Wind River products and solutions support secure booting with hardware roots of trust, various access control mechanisms, secure package man-agement and software updates, firewalling and IPS, and integration with network management and event correlation products.