As ticker tape rained down on Bank of America field the Carolina Panthers gathered to celebrate their NFC Championship win. At the center of the crowd stood Cam Newton, the quarterback and leader of the team. Surrounded by reporters Cam was asked about his preparation for the Super Bowl. Curiously Cam replied that he did not know who they would be playing but that he would be ready. He did not know who they would be playing in the Super Bowl?!? The Denver Broncos had won the AFC championship three hours earlier. In those three hours Cam did not bother to look at the scoreboard or ask a teammate who his next opponent would be? Even with his team leading by over 30 points in the 4th quarter he didn’t stop to ask who is next?
My guess is that Cam was so focused on beating the Arizona Cardinals that he did not want to think about the Super Bowl. How often in sports do we see the dominant team lose because they “looked past” the current opponent? How often do they disregard the easier team only to suffer an upset? Maybe Cam Newton made a conscious decision not to look past Arizona and get distracted from the job of winning the NFC Championship. Perhaps he would have gotten overwhelmed if he thought about all of the games between him and a Super Bowl. Maybe he knew that the only way for him to accomplish his goal was to take it “one game at a time.”
This lesson is obvious to all of us Northeasterners who just emerged from our igloos on Sunday after Winter Storm Jonas. Looking out at the multiple feet of snow we knew that the only way we were ever going to clear our driveways was to take it one shovel at a time (or one phone call to the plow guy – not judging). If we started worrying about the hours we were going to spend, or the potential chiropractor bills, we never would have survived.
So what can Cam Newton teach us about embedded software cybersecurity? Just like winning the Super Bowl developing a secure embedded system is really hard (but not nearly as cool). If we stand back and look at the breadth of the problem we can easily get overwhelmed. But, if we break the problem down into pieces we will make it through. Start with a FIPS 140-2 validated encryption engine, then focus on PKI and then build your application on top. Take each step independently and make sure you develop it correctly before you move on to the next step.
This is the reason TELEGRID developed its Embedded Security Framework (ESF). The ESF is a structured collection of encryption and authentication modules designed to accelerate the design and development of embedded systems. It is based on TELEGRID’s 30+ years of design, development and production of embedded systems in the field of voice and data encryption, secure unified communications and management of networked encryptors. The ESF helps Government Engineers design STIG compliant embedded systems quickly.
Eric Sharret is the Vice President of TELEGRID Technologies, Inc. TELEGRID designs and develops secure embedded systems for the US Military.
Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc. TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.