...

Because many such systems and devices are expected to remain operationally useful for years or even decades with minimal intervention, it is especially important that their security be thoroughly understood prior to deployment. This section collects a number of issues we observed in the course of recent work done by the CERT Vulnerability Analysis team, and is adapted from a CERT/CC blog post by Householder \ [1].

Black Boxes

We identified issues such as the inclusion of networked appliances in a larger system where the appliances provided networked services based on sensor data. Enterprise security policy treated the device as a black box rather than a general-purpose computer with regard to patch levels, included software, and so forth. The attack vector posed by the sensor data interface had not been considered either.

...

We observed various devices with wireless data capabilities embedded within a larger system yet little or no ability to patch the fielded systems except within very sparse service windows. Instances where physical contact with the device is required in order to update it can be especially problematic once vulnerabilities are discovered. (See Dan Geer's talk at the Security of Things Forum for more on the "long-lived and not reachable" problem \ [2].)

New Interfaces Bring New Threats

...