Evaluation Engineering - 14

APPLICATIONS

Technology (NIST) documents and details how to manage and maintain a secure software-based system such as an
ATE system."

SPECIAL REPORT

CYBERSECURITY:
SHIELDING AGAINST
THE DARK SIDE
By Mike Hockett, Editor-in-Chief
As long as humans keep advancing
technology to make our lives and job
functions easier, sadly, there will always
be those who mean to do harm with it.
That's been especially true ever since the
rise of the internet, and amplified with
the age of Industry 4.0 and connected
devices. Cybersecurity is something all
technology suppliers know they need, and
most know they should improve upon.
But it's one thing to secure business operations from cyberattacks. That facet of
the topic has been well-documented. It's
a whole other animal to secure electronic
test instruments and testing procedures.
Cybersecurity is certainly a priority for
vendors of electronic test and measurement instruments. But it's a tricky topic
for them to discuss, as most instrumentation vendors don't market solutions in
cybersecurity. Nevertheless, we were able
to gather commentary from a couple of
such instrumentation providers to get
their thoughts on trends in cybersecurity, the challenges it presents, and what
solutions are on the market.

What's trending?
Ron Yazma, vice president
of software engineering
at Marvin Test Solutions
(MTS): "For stand-alone
"box" instrumentation,
Yazma
one of the primary concerns for end users is a cybersecurity
breach via an infected instrument. This
could happen when an instrument is
calibrated or sent to a repair facility-
virtually any instrument that contains
software that can be accessed or modified via a remote or internet connection

EVALUATION ENGINEERING MAY 2019

iStock.com/MF3d

could be susceptible to a security breach.
Consequently, instrument vendors and
calibration/repair facilities have put in
place processes to protect against cybersecurity breaches/infections. One can
expect these cyber deterrent methods and
processes such as encryption and authentication to evolve over the next couple of
years in order to maintain and protect the
integrity of the supplied instrumentation.
"For ATE systems which, in many
cases, are connected to a network, the
need to protect against cyberattacks
and malware is more complex. And in
particular, for ATE systems employed
in military/aerospace applications, the
need for cybersecurity is acute since not
only can the test system be subjected to
a cyberattack but a mission critical UUT
being tested on the ATE could become
infected. Consequently, over the next
couple of years, one can expect to see
suppliers of mil/aero test systems moving to adopt the methods / procedures
detailed in the Department of Defense's
(DoD) Application Security Technical
Implementation Guide, which is based
on National Institute of Standards and

Bob Mart, product line manager at
Teledyne LeCroy: "In terms of trends,
we are seeing customers wanting to
perform traditional testing on embedded system designs in the same ways
as they always have, but now they also
want to account for designs having cybersecurity requirements. They need
to ensure that whatever cybersecurity
features their designs incorporate are
working as designed. A few years ago,
no one was talking about cybersecurity;
now it adds a layer of complexity to the
test regimen over and above the standard functional test.
"Customers want to
perform protocol analysis through mechanisms
such as serial triggers
and decodes so they can
monitor control buses for
Mart
suspicious or unwanted
activity. Then, abnormalities can be
correlated between the protocol and
physical levels to determine whether
some control signal or other event can
provide insight into potential vulnerabilities. In the automotive market, we
often encounter customers wanting to
monitor protocols such as CANbus to
ensure that there are no bad actors or
unwanted traffic on the bus.
"Using our oscilloscopes' serial data
decode table, users can filter out IDs or
messages known to be sent by your own
devices, which allows you to quickly capture any abnormal activity. From there,
you use the tools in
the oscilloscope to
debug what might
have happened to let
that occur.
Teledyne LeCroy's
TDME (trigger, decode,
measure/graph, and eye
diagram) packages can be
leveraged for both protocol
testing and cybersecurity
verification.
Teledyne LeCroy

http://www.iStock.com/MF3d

Evaluation Engineering

Table of Contents for the Digital Edition of Evaluation Engineering