Blog post: Write Side Up (Computer Weekly)
Timed to coincide with the RSA security conference, Microsoft has announced Azure Sphere, a new solution for creating highly-secured, Internet-connected microcontroller devices. But there’s a bit more to it than that. Enabled by the company’s newly found ‘growth mindset’, Microsoft engineers can happily use the best technology for the job which, on this occasion, just happens to be Linux.
More than 9 billion microcontroller-powered devices are produced each year according to Microsoft’s blog post, and these are increasingly being connected to the Internet-of-Things (IoT). Similar to, but less sophisticated than, system-on-chip (SoC) designs, microcontrollers are used in many of the products and devices that surround us. These range from automobile engine control systems and medical devices, to building controls, appliances and children’s toys. The size of this market dwarfs that of the PC and mobile markets combined, and Microsoft clearly sees a lucrative opportunity if it can establish Azure Sphere as the protective ‘mother ship’ of the world’s smart things.
Azure Sphere, a secure home for smart things
In a world where so many ‘things’ are connected, almost anything, it seems, can be disrupted. It therefore follows that every connected thing needs to be protected. This is the ethos that underpins Microsoft Azure Sphere. Azure Sphere includes three components that work together to protect devices at the edge of the network: Azure Sphere certified microcontrollers, Azure Sphere Security Service, and Azure Sphere OS. Unpacking the announcement reveals a couple of surprises. First, Microsoft said it will license its technology to chip makers on a royalty-free basis. Next, the new microcontroller operating system is based on a custom Linux kernel, not Windows.
The Linux kernel has formed the basis of embedded operating systems and microcontroller-based products for many years, so Microsoft developing its own custom Linux kernel isn’t technically remarkable. However, it does jar somewhat with the ‘Windows 10 IoT everywhere’ proposition of 2015, although the company was just starting to look at microcontrollers back then. Azure Sphere is still in private preview, but the first Azure Sphere chip, the MediaTek MT3620, is expected to ship in volume this year. The first wave of Azure Sphere devices is expected by the end of the year and, who knows, Microsoft might even ship a new device of its own. The much talked about Andromeda perhaps?
The seven properties of highly secure devices
Microsoft researchers began exploring the microcontroller-powered devices market in 2015. Then, in March last year, they published a research paper, The Seven Properties of Highly Secure Devices, setting out principles that could have, theoretically at least, prevented the Mirai botnet attacks of 2016, when an estimated 100,000 compromised IoT devices took down several high-profile websites using DDoS attacks. In short, the paper concludes that a redesign is necessary if we want our IoT devices to be safe and secure. The paper also details a proof-of-concept project with MediaTek, a Taiwanese company that develops SoCs for mobile devices, home entertainment systems, network and connectivity equipment, and other IoT products.
Here’s the list of properties, and their tests, which Microsoft deems critical if we are to have highly secure, network-connected devices:
- Hardware-based root of trust: Does the device have a unique, unforgeable identity that is inseparable from the hardware?
- Small trusted computing base: Is most of the device’s software outside the device’s trusted computing base?
- Defence in depth: Is the device still protected if the security of one layer of device software is breached?
- Compartmentalization: Does a failure in one component of the device require a reboot of the entire device to return to operation?
- Certificate-based authentication: Does the device use certificates instead of passwords for authentication?
- Renewable security: Is the device’s software updated automatically?
- Failure reporting: Does the device report failures to its manufacturer?
If we think about the damage caused by malicious botnets over the past decade, each comprising tens of thousands of vulnerable Windows PCs, then it’s easy to see why these principles have become a bit of a thing at Microsoft. The company clearly wants to avoid the mistakes of the past, and while nothing has been explicitly stated, it would be a comforting thought if Microsoft were to apply the seven tests listed above to all its device efforts going forward. Having said that, I’m struggling to see how today’s Windows operating system model would ever make the grade. Maybe we’ll hear how in the coming months.
From security chumps to security champions
Continuing his mission to establish a ‘Digital Geneva Convention’, Microsoft President and Chief Legal Officer, Brad Smith, used his RSA security conference keynote to remind delegates of the perils of not updating and patching the Windows operating system. He pointed to last year’s massive cyberattack when, on May 12, more than 300,000 computers running Microsoft Windows were affected by WannaCry ransomware. Mr. Smith also highlighted the NotPetya cyberattacks that targeted Ukrainian businesses and institutions, affecting the Windows-based systems of banks, government departments, newspapers and energy companies. These events were not cataclysmic, this time, but they do show us how the disruption of non-patched or out-of-date computer-controlled social infrastructure can affect businesses, governments, and millions of people.
Championing cybersecurity, Brad Smith also used the RSA conference to announce the Cybersecurity Tech Accord, a public commitment among 34 IT companies to “protect and empower civilians online and to improve the security, stability and resilience of cyberspace”. In essence, those companies signing up to the accord pledge not to assist governments in cyberattacks. This list includes key enterprise IT suppliers, such as Arm, BT, CA Technologies, Cisco, Cloudflare, Dell, HP, HPE, Microsoft, Oracle, RSA, SAP, Telefonica and VMware. However, notable names not yet on the list include Apple, AWS, Google, IBM and Lenovo. We’ll have to wait and see if the accord has any real impact on the escalating political tensions associated with state-sponsored cyberwarfare, but it’s at least a start.
Nadella sets Microsoft free with ‘growth mindset’
The Windows operating system is still a very important asset to Microsoft, and will be for many years to come. However, Satya Nadella has made it very clear where the company is heading: Intelligent Cloud and Intelligent Edge. The departure of Terry Myerson, Executive VP of the Windows Devices Group, signalled the start of this new epoch, and this week’s announcement, choosing Linux over Windows, provides yet another glimpse of the cultural change and ‘growth mindset’ that Nadella is driving at Microsoft, one in which nothing should be taken for granted and where employees must always be willing to check their assumptions as new data is revealed.
Microsoft is clearly changing its approach to security, as with many things these days, but it still tends to blame the ‘bad guys’ and laggard IT departments for the woes caused by rogue Windows-based computers. The company has made billions of dollars from sales of its software, so we shouldn’t feel sorry for it when it has to spend millions of dollars cleaning up the mess caused by its legacy products, even those that are no longer supported. It’s clearly the right, and moral, thing to do.