DevSecOps is a development approach that addresses today’s increasing security concerns within the development cycle. Cybersecurity is a never-ending race to manage risk to organizations, applications, data, and operations. Security organizations face pressure from two forces:

1. The speed at which businesses must innovate, build, and release solutions has increased exponentially as market pressures have driven organizations to adopt DevOps methodologies that streamline their entire development and release cycles.
2. The sophistication and volume of cyberthreats has risen dramatically, with devastating consequences from data breaches, ransomware, countless strains of malware, and other threats.

Security teams are rethinking their traditional risk management approaches and creating dynamic, automated ways of integrating security testing and validation into the product lifecycle. DevSecOps has emerged as a fundamental strategy.

The DevSecOps process evolved from DevOps, which combined software development and operations into a unified process with a cyclical flow, automating tasks and bringing consistency and structure to code development. When it became apparent that security concerns could not be addressed as add-ons at later stages, the DevSecOps approach emerged, incorporating security from the earliest planning stage and carrying it through post-deployment.

The security landscape is constantly changing, shaped by several factors:

• Sophistication of threats: The days of easily identified malware signatures are long gone. Malware is now homomorphic or even encrypted altogether, enabling it to proliferate undetected across devices. Unmonitored hardware devices that are internet-enabled allow access points and lateral movement. Sophisticated threat actors have had access to considerable money to develop highly damaging yet practically undetectable attacks.
• Volume of threats: Cyberattacks are big business. Countless individuals and organizations, including nation states, have incentive to launch ransomware, steal identities, and breach data stores. Internet-connected devices are under constant siege by automated tools that scan for known vulnerabilities.
• Scarcity of cybersecurity resources: People with the full skill sets for cybersecurity and security engineering are comparatively rare. Organizations often struggle to retain staff and talent to adequately protect their resources. Developers and engineering teams in particular need to understand the implications of security and be empowered to design it into their products.
• DevOps methodologies: As the product lifecycle has shifted left to embrace DevOps, so have security efforts. Just a few years ago it was possible to run a product through security validation and then reengineer components as necessary. Now, both overarching security needs and the automation-first approach to product release require integrated security validation.

Traditional security efforts usually look more like audits than engineering efforts. Security teams have long used checklists and hard requirements to evaluate products against security standards. While this approach does give developers direction for security by design, it is difficult to retain staff with the required hardware and embedded systems know-how.

An even bigger challenge is posed by the need to use automation to evaluate the security of embedded systems. This requires tool development, DevOps expertise, and, often, the ability to develop code. Team members need to be trained in the latest capabilities, and some may need additional programming expertise to keep up with their DevOps counterparts. When security teams can make this shift, however, the results are powerful.

The transition to DevSecOps practices can be initially challenging but ultimately powerful for teams.

Most hardware vendors implement security capabilities that should be leveraged by developers and tested by security teams, but they are often proprietary and unique to each platform. Secure Boot, for example, exists in many different implementations, such as Intel^® TXT/tboot and U-Boot. It is challenging to create automation that handles their differences.

As security becomes foundational to embedded systems development, crucial best practices include developing chain-of-trust boot loading that uses signature validation and signed certificates, disabling JTAG in production of embedded systems to eliminate backdoors, securing data storage, and protecting certificates and encryption keys to prevent image and connectivity spoofing.

Fully on-premises, cloud-based, and hybrid configurations must all be supported by DevSecOps. Specifications and best practices related to a DevSecOps environment include:

• DoD Enterprise DevSecOps Reference Design
• DoD Cloud Computing Security Requirements Guide
• DoD Container Hardening Guide
• DoD/DISA Container Image Creation and Deployment Guide
• Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (NIST 800-52)
• Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171)
• Zero Trust Architecture (NIST 800-207)
• Application Container Security Guide (NIST 800-190)
• Guide to Computer Security Log Management (NIST 800-92)
• Privileged Account Management for the Financial Services Sector (NIST 1800-18A)
• Security and Privacy Controls for Information Systems and Organizations (NIST 800-53)
• “Use of Public Standards for Secure Information Sharing,” Committee on National Security Systems Policy, CNSSP 15
• Digital Signature Standard (FIPS 186-4)

Virtualization in systems development is the creation of software that simulates hardware functionality. The result is a virtual system that is more economical and flexible than total reliance on hardware systems.

Virtualization is enabled by hypervisors that communicate between the virtual and physical systems and allow the creation of multiple virtual machines (VMs) on a single piece of hardware. Each VM emulates an actual computer and can therefore execute a different operating system. In other words, one computer or server can host multiple operating systems.

Because of its versatility and efficiency, virtualization has gained significant momentum in recent years. What’s more, many of today’s industrial control systems were installed 30 years ago and are now outdated. While that legacy infrastructure provided a stable platform for control systems for many years, it lacks flexibility, requires costly manual maintenance, and does not allow valuable system data to be easily accessed and analyzed.

Versatile and efficient, virtualization overcomes the limitations of legacy systems.

Virtualization overcomes the limitations of legacy control systems infrastructure and provides the foundation for the Industrial Internet of Things (IIoT). Control functions that were previously deployed across the network as dedicated hardware appliances can be virtualized and consolidated onto commercial off-the-shelf (COTS) servers. This leverages the most advanced silicon technology and also reduces capital expenditure, lowers operating costs, and maximizes efficiency for a variety of industrial sectors, including energy, healthcare, and manufacturing.

For developers of embedded systems, virtualization brings new capabilities and possibilities. It allows system architects to overcome hardware limitations and use multiple operating systems to design their devices, while bringing high application availability and exceptional scalability.

The more things change, the more they stay the same. The core requirements for embedded systems are not going away:

• Security: Cyberattacks have become more common, while completely isolated systems are becoming rarer. Embedded engineers are taking security more seriously than ever before.
• Safety: The system must be able to ensure that it does not have an adverse effect on its environment, whatever that might be. Systems in the industrial, transportation, aerospace, automotive, and medical sectors can cause death or environmental disaster if their embedded systems malfunction. Because of this, determinism — predictability and reliability of performance — is of paramount importance. A failure in one zone should not trigger a failure of the entire system.

Fortunately, advances in hardware and virtualization have occurred even as challenges have beset the world of embedded systems. It is now possible to overcome most of the difficulties inherent in having separate, purpose-built embedded systems running on separate proprietary hardware. This is achieved by consolidating each separate embedded system, with its application and operating system, into its own virtual machine, all on a single platform and hardware architecture.

As depicted in Figure 1, virtualization can place multiple embedded systems, each running its own OS, on one multi-core silicon hardware system. Advances in silicon design, processing power, and virtualization technology make this possible. The same silicon can host more than one version of Linux along with multiple RTOSes and other common legacy OSes.

Figure 1. Reference architecture for multiple embedded systems running on a single processor using virtualization

Virtualization succeeds in abstracting the embedded system application and its OS from the underlying hardware. As a result, it becomes possible to overcome many of the most serious challenges arising from legacy embedded systems. The advantages for engineers include:

• A significant increase in scalability and extensibility
• Support for open frameworks and reuse of IP across devices
• The ability to build solutions on open, standardized hardware that offers more powerful processing capabilities
• Simplification of design and accompanying acceleration of time-to-market
• Application consolidation within the device, which reduces the hardware footprint and costs related to the bill of materials (BOM)
• A gradual learning curve, given a familiar OS and programming languages that can be deployed in the virtualized system
• The ability to run multiple OSes and applications side by side
• Isolation of each operating system and application instance, providing additional security and allowing both safety-certified operating environments and “unsafe” applications
• Easier upgrades via new methodologies such as DevOps, which simplifies the quick extension of new features
• Faster response to security threats

Wind River Studio

Wind River^® Studio is the first cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent edge systems that require security, safety, and reliability. It is architected to deliver digital scale across the full lifecycle through a single pane of glass to accelerate transformative business outcomes. Studio includes a virtualization platform that hosts multiple operating systems, as well as simulation and digital twin capabilities for the development and deployment process.

Figure 2. Helix Platform architecture