Page 636 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems


An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller (an integrated chip with on-board memory and peripheral ports). Examples of embedded systems include network-attached printers, smart TVs, HVAC controls, smart appliances, smart thermostats, vehicle entertainment/driver assist/self-driving systems, and medical devices.

Another concept similar to embedded systems is that of static systems (aka static environments). A static environment is a set of conditions, events, and surroundings that don’t change. In theory, once understood, a static environment doesn’t offer new or surprising elements. A static IT environment is any system that is intended to remain unchanged by users and administrators. The goal is to prevent, or at least reduce, the possibility of a user implementing change that could result in reduced security or functional operation.

In technology, static environments are applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered. However, although the term static is used, there are no truly static systems. There is always the chance that a hardware failure, a hardware configuration change, a software bug, a software-setting change, or an exploit may alter the environment, resulting in undesired operating parameters or actual security intrusions.


Examples of Embedded and Static Systems

Network-enabled devices are any type of portable or nonportable device that has native network capabilities. This generally assumes the network in question is a wireless type of network, primarily that