This post is also available in: עברית (Hebrew)
US Federal research facilities rely on internet-connected devices to automate many basic building functions like ventilation, heating and security, as well as more hazardous processes like decontaminating equipment and preventing lethal microbes from escaping the lab. Hackers could potentially exploit these IoT devices to take control of building operations, but the DHS Science and Technology Directorate is investing in software that smothers attacks before they start.
The US Homeland Security Department is testing new software to protect government laboratories from cyberattacks that could potentially release dangerous pathogens into the environment.
Developed by Red Balloon Security, “Symbiote Embedded Defense” technology injects software into each device’s binary operating system and constantly analyzes the code to prevent rogue commands from executing. Because the technology doesn’t rely on a particular operating system, it works for every single embedded device.
Homeland Security awarded the company a $1 million contract to test the software at the agency’s Plum Island Animal Disease Center, S&T Chief of Media Relations John Verrico told nextgov.com. Researchers at the facilities work with dangerous microbes like SARS, West Nile virus and yellow fever, meaning even a small attack on building operations could have enormous consequences.
Assailants can cause the containment to breach, can cause damage to the people inside and release dangerous pathogens outside the facility by just manipulating the small embedded computers that control the building.
Building control systems at government labs and many production facilities run mostly on legacy software, which makes them particularly susceptible to an attack. Because the Symbiote software integrates directly into the operating system and detects any unauthorized changes to the code, it’s able to lock down most outdated technology.