As an embedded software developer I can go on and on about the many benefits of LINUX.  I can easily list hundreds of benefits.  What I believe is the greatest though is the LINUX repository.

The LINUX repository is an online archive of open source and proprietary software packages that programmers use for development or maintenance.  There is a repository for every LINUX distribution with compiled packages for a multitude of hardware configurations.  Software developers can create upgrades or security patches and upload them to the LINUX repository where they can be easily downloaded by users.

Click to Subscribe

Unfortunately, new security risks are forcing system administrators to limit connectivity between secure networks and the internet.   You can’t be hacked if a hacker can’t get in. While a closed network is ideal for security, it is a big problem for software maintenance.

Since the LINUX repository is online, the software upgrades are inaccessible on a secure network.  For years defense contractors, like TELEGRID, have had to go to great lengths to deploy software upgrades on secure networks.  This leads to delays in the deployment of security patches and seemingly endless upgrade cycles.

To resolve these issues we recommend replicating the LINUX repository inside secure networks with an offline LINUX repository.  But how do we update the LINUX repository if it is offline? One solution is to deploy a cross domain solution that straddles the secure and unsecure networks.  Another solution is compressing repository updates and sending them to a system administrator who can upload them into the offline LINUX repository.

While secure networks are important we must not forget that the main goal is functional, bug-free and secure code.  An offline LINUX repository will make it easier to maintain code on secure networks and apply needed security patches.  It seems the President agrees.

Beth Flippo is Vice President of Embedded Software at TELEGRID.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Does President Trump Want an Offline LINUX Repository? appeared first on TELEGRID.

• On December 30, 2016 the Congressional Internet of Things Working Group released a white paper on IoT stating that, “Recent examples of cyberattacks on IoT devices have exposed not just the potential impact on individual consumers, but the possible vulnerability on the broader Internet infrastructure.”

• On January 5, 2017 the Federal Trade Commission issued a complaint against D-Link claiming that D-Link’s “routers and cameras have been vulnerable to attacks that subject consumers’ sensitive personal information and local networks to a significant risk of unauthorized access.”

• On January 9, 2017 the Federal Drug Administration released a note about St. Jude Medical stating that its devices had vulnerabilities that, “if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device.”

• On January 12, 2017 the Department of Commerce released a Green Paper highlighting the security concerns around IoT. It states that the DDoS attack, “was the most visible and far-reaching example of the potential risks that must be mitigated when considering IoT.”

It appears that this the beginning of an activist approach taken by the Government to monitor IoT device manufacturers.  Indeed, the Congressional Internet of Things Working Group white paper states that participants, “grappled with whether or not a solution should rely on industry established standards, agency recommendations, legislation, or a combination of all the above.”

Click to Subscribe

TELEGRID is a designer of secure embedded systems for the US Military and has developed a framework to design systems in line with DISA’s Security Technical Implementation Guides (DISA STIGs).  While some commercial manufacturers follow NIST guidelines others ignore security completely.  As Senator Mark Warner, co-founder of the Senate Cybersecurity Caucus stated, “Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support.”

Is the Government going to “incentivize” commercial manufacturers to bake in security?  Will the Government shut certain companies out of the market for selling unsecure IoT devices?  What will be the cost impact to consumers?

These are all very tough questions and it seems the Government is moving quickly to try to answer them.  Are IoT manufacturers paying attention?

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, Multi-Factor Authentication (MFA).

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Government Activism and IoT appeared first on TELEGRID.