3.1.5. Plan the Security Lifecycle of Your IoT Devices

ID           Priority             Best Practice
BP 3.1.5.1   Required             Build an incident response mechanism to address security events at scale
BP 3.1.5.2   Highly Recommended   Require timely vulnerability notifications and software updates from your providers

Architecture Notes - BP 3.1.5.1 - Build an incident response mechanism to address security events at scale

There are several formalized incident management methodologies in common use. The processes involved in monitoring and managing incident response can be extended to IoT devices. For instance, AWS IoT Device Management capabilities provide fleet analysis and activity tracking to identify potential issues, in addition to mechanisms to enable an effective response.

Recommendation 3.1.5.1.1 - Ensure that IoT devices are searchable by using a device management solution

Devices should be grouped by dynamic attributes, such as connectivity status, firmware version, application status, and device health.
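The grouping described above, as an added example that is not part of the original page or of any AWS tooling: a small Go program that buckets a constructed fleet by firmware version, connectivity and health, and builds the fleet-indexing query string (using the connectivity.connected and shadow.reported.* fields) that would define the same group as a dynamic thing group. The Device struct, the field names, the "needs-update" bucket names and the sample fleet are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Device is a minimal stand-in for a registry record plus the device's reported shadow.
type Device struct {
	Name      string
	Connected bool
	Firmware  string // version the device reports, e.g. "1.4.2"
	Health    string // "ok" or anything else, as reported by the device's own checks
}

// parseVersion turns "1.4.2" into [1 4 2]; missing parts and non-numeric parts count as 0,
// so a malformed version sorts as "oldest" and gets flagged rather than silently ignored.
func parseVersion(v string) [3]int {
	var out [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		n, err := strconv.Atoi(p)
		if err != nil {
			n = 0
		}
		out[i] = n
	}
	return out
}

// OlderThan reports whether firmware version a is strictly older than b.
func OlderThan(a, b string) bool {
	va, vb := parseVersion(a), parseVersion(b)
	for i := 0; i < 3; i++ {
		if va[i] != vb[i] {
			return va[i] < vb[i]
		}
	}
	return false
}

// GroupFleet buckets devices by dynamic attributes so an operator can find, for example,
// every connected device that is still on old firmware. Group names are thing-name lists,
// sorted so the output is stable.
func GroupFleet(fleet []Device, minFirmware string) map[string][]string {
	groups := map[string][]string{}
	for _, d := range fleet {
		key := "current"
		if OlderThan(d.Firmware, minFirmware) {
			key = "needs-update"
		}
		if d.Connected {
			key += "/online"
		} else {
			key += "/offline"
		}
		if d.Health != "ok" {
			key += "/unhealthy"
		}
		groups[key] = append(groups[key], d.Name)
	}
	for k := range groups {
		sort.Strings(groups[k])
	}
	return groups
}

// FleetIndexQuery builds the query string that would define the "connected devices on a
// given firmware" group as a dynamic thing group (shadow.reported.firmware is an assumed
// shadow field name for this example).
func FleetIndexQuery(firmware string, connected bool) string {
	return fmt.Sprintf("connectivity.connected:%t AND shadow.reported.firmware:%s", connected, firmware)
}

// SampleFleet is a constructed fleet used to exercise the grouping.
func SampleFleet() []Device {
	return []Device{
		{Name: "sensor-01", Connected: true, Firmware: "1.4.2", Health: "ok"},
		{Name: "sensor-02", Connected: false, Firmware: "1.3.9", Health: "ok"},
		{Name: "sensor-03", Connected: true, Firmware: "1.2.0", Health: "degraded"},
		{Name: "sensor-04", Connected: true, Firmware: "1.4.2", Health: "ok"},
	}
}

func main() {
	for name, things := range GroupFleet(SampleFleet(), "1.4.0") {
		fmt.Printf("%-30s %v\n", name, things)
	}
	fmt.Println(FleetIndexQuery("1.4.2", true))
}
```

The "needs-update/online/unhealthy" bucket is the one an incident responder wants first: those devices are reachable, behind on patches and already reporting problems.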

Recommendation 3.1.5.1.2 - Quarantine any device that deviates from expected behavior

Inspect the device for potential compromise of its configuration, firmware or applications using device logs or metrics. If a compromise is detected, the device can be diagnosed remotely, provided that capability exists. For example, configure AWS IoT Secure Tunneling to remotely diagnose a fleet of devices.

If remote diagnosis is not sufficient or not available, the other option is to push a security patch, application or firmware upgrade to quarantine the device. When sending code to devices, the best practice is to sign the code file. This allows devices to detect whether the code has been modified in transit. For example, with Code Signing for AWS IoT, you can sign code that you create for IoT devices supported by Amazon FreeRTOS and AWS IoT Device Management. In addition, the signed code can be valid for a limited amount of time to avoid further manipulation.
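The two properties described above (devices detect modified code, and a signature is only accepted for a limited time) as an added example, not code from the page or from AWS Code Signing: a Go program that signs an update manifest with Ed25519 and verifies it device-side. The manifest layout, the "iot-update-v1" domain prefix, the field names and the constructed image bytes are assumptions for this example; the validity window is bound into the signed bytes so it cannot be stretched without invalidating the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Manifest describes one update image: its version, the digest of the image bytes and the
// instant after which the signature must no longer be accepted. The signature covers all of
// these fields, so none of them can be altered in transit without detection.
type Manifest struct {
	Version   string
	Digest    [32]byte
	NotAfter  time.Time
	Signature []byte
}

// signedBytes is the canonical byte string that both the signer and the device sign/verify.
// A fixed domain prefix keeps these signatures from being confused with other signed data.
func (m Manifest) signedBytes() []byte {
	buf := []byte("iot-update-v1\x00" + m.Version + "\x00")
	buf = append(buf, m.Digest[:]...)
	ts := make([]byte, 8)
	binary.BigEndian.PutUint64(ts, uint64(m.NotAfter.Unix()))
	return append(buf, ts...)
}

// SignImage is the release-side step: hash the image, bind it to a validity window and sign
// with the fleet's code-signing private key. NotAfter is truncated to whole seconds because
// that is the precision actually covered by the signature.
func SignImage(priv ed25519.PrivateKey, version string, image []byte, validFor time.Duration, now time.Time) Manifest {
	m := Manifest{
		Version:  version,
		Digest:   sha256.Sum256(image),
		NotAfter: now.Add(validFor).Truncate(time.Second),
	}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrExpired      = errors.New("manifest validity window has passed")
	ErrDigest       = errors.New("image digest does not match manifest")
)

// VerifyImage is the device-side step. The signature is checked first so that an unsigned or
// tampered manifest cannot influence any later decision; then the validity window; then the
// digest of the bytes the device actually received.
func VerifyImage(pub ed25519.PublicKey, m Manifest, image []byte, now time.Time) error {
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	if now.After(m.NotAfter) {
		return ErrExpired
	}
	if sha256.Sum256(image) != m.Digest {
		return ErrDigest
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // fleet code-signing key pair (generated here for the demo)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	image := []byte("constructed firmware image bytes")
	m := SignImage(priv, "1.4.2", image, time.Hour, now)
	fmt.Println("fresh, untouched image:", VerifyImage(pub, m, image, now))
	fmt.Println("modified image:        ", VerifyImage(pub, m, image[:len(image)-1], now))
	fmt.Println("two hours later:       ", VerifyImage(pub, m, image, now.Add(2*time.Hour)))
}
```

Where the device has no trustworthy clock, the expiry check still protects the fleet as long as the device refuses updates whose NotAfter precedes the last update it successfully installed, which is a monotonic check it can make without wall-clock time.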

Recommendation 3.1.5.1.3 - Over the air (OTA) update should be configured and staged for deployment activation during regular maintenance

Whether it’s a security patch, a firmware update, an update to a config file on a device, or a factory reset, you need to know which devices in your fleet have received and processed each of your updates, either successfully or unsuccessfully. In addition, a staged rollout is recommended to reduce the blast radius, along with rollout and abort criteria for a failsafe solution. For example, you can use AWS IoT Jobs for staged OTA updates of security patches and device configurations with the required rollout and abort configurations.
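The staged rollout with abort criteria described above, as an added example that is not code from the page or from AWS IoT Jobs: a Go simulation that updates a constructed fleet in growing batches, tracks per-device success or failure, and stops early when the failure ratio crosses a threshold after a minimum number of devices have reported. The RolloutConfig fields loosely mirror a job's rollout rate and abort criteria (threshold percentage, minimum executed things) but are assumptions for this example, as are the device names and the simulated failure pattern.

```go
package main

import "fmt"

// RolloutConfig holds the knobs a staged rollout needs: how many devices the first stage
// touches, how much each following stage grows, and the rule for aborting.
type RolloutConfig struct {
	BaseBatch        int     // devices updated in the first stage
	GrowthFactor     int     // each later stage updates GrowthFactor times the previous batch
	FailureThreshold float64 // abort once failed/executed reaches this ratio ...
	MinExecuted      int     // ... but only after at least this many devices reported a result
}

// Outcome is what a device reports back for its job execution.
type Outcome string

const (
	Succeeded Outcome = "SUCCEEDED"
	Failed    Outcome = "FAILED"
)

// Result records how far the rollout got and which devices it never reached.
type Result struct {
	Stages    int
	Executed  int
	Failed    int
	Aborted   bool
	Untouched []string // devices never sent the update because the rollout aborted first
}

// StagedRollout pushes the update in growing batches and stops as soon as the abort criteria
// are met, so a bad patch reaches as few devices as possible. report returns each device's
// outcome; here it is a constructed simulation, on a real fleet it would be the job execution
// status the device sends back.
func StagedRollout(devices []string, cfg RolloutConfig, report func(string) Outcome) Result {
	res := Result{}
	batch := cfg.BaseBatch
	i := 0
	for i < len(devices) {
		end := i + batch
		if end > len(devices) {
			end = len(devices)
		}
		for _, d := range devices[i:end] {
			res.Executed++
			if report(d) == Failed {
				res.Failed++
			}
		}
		i = end
		res.Stages++
		ratio := float64(res.Failed) / float64(res.Executed)
		if res.Executed >= cfg.MinExecuted && ratio >= cfg.FailureThreshold {
			res.Aborted = true
			break
		}
		batch *= cfg.GrowthFactor
	}
	res.Untouched = append([]string{}, devices[i:]...)
	return res
}

// SampleDevices builds a constructed fleet dev-00 .. dev-(n-1).
func SampleDevices(n int) []string {
	out := make([]string, n)
	for i := range out {
		out[i] = fmt.Sprintf("dev-%02d", i)
	}
	return out
}

// BadPatch simulates an update that breaks two specific devices in the second stage.
func BadPatch(name string) Outcome {
	if name == "dev-02" || name == "dev-05" {
		return Failed
	}
	return Succeeded
}

func main() {
	cfg := RolloutConfig{BaseBatch: 2, GrowthFactor: 2, FailureThreshold: 0.25, MinExecuted: 5}
	fleet := SampleDevices(20)
	fmt.Printf("bad patch:  %+v\n", StagedRollout(fleet, cfg, BadPatch))
	fmt.Printf("good patch: %+v\n", StagedRollout(fleet, cfg, func(string) Outcome { return Succeeded }))
}
```

With the sample configuration the bad patch is stopped after the second stage, having reached only 6 of 20 devices; the MinExecuted floor keeps a single early failure in a tiny first batch from aborting a rollout that is otherwise healthy.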

Architecture Notes - BP 3.1.5.2 - Require timely vulnerability notifications and software updates from your providers

Components in a device bill of materials (BOM), such as secure elements for certificate storage or a trusted platform module (TPM), can make use of updatable software components. Some of this software might be contained in the Board Support Package (BSP) assembled for your device. You can help to mitigate device-side security issues quickly by knowing where the security-sensitive software components are within your device software stack, and by understanding what to expect from component suppliers with regard to security notifications and updates.

Recommendation 3.1.5.2.1 - Ensure that your IoT device manufacturer provides security-related notifications to you, and provides software updates in a timely manner to reduce the associated risks of operating hardware or software with known security vulnerabilities

Ask your suppliers about their products' conformance to the Common Criteria for Information Technology Security Evaluation. In addition, consider using the AWS Partner Device Catalog, where you can find devices and hardware to help you explore, build, and go to market with your IoT solutions.

Additional Resources

  1. The Common Criteria for Information Technology Security Evaluation
  2. ISO/IEC 27035-1:2016 Information technology – Information security incident management – Part 1
  3. ISO/IEC 27035-2:2016 Information technology – Information security incident management – Part 2
  4. AWS re:Invent 2019: Designing secure IoT solutions from the edge to cloud