Securing Critical Infrastructure Through Advanced Application Performance Monitoring
Following a wave of high‑profile attacks on existing infrastructure, the cybersecurity of embedded systems in critical assets has become even more vital than their physical protection.
As President Biden’s administration moves forward with a $2.9 trillion investment in the nation’s critical infrastructure—spanning the energy grid, nationwide communications networks, and transportation systems—recent headlines such as the DarkSide ransomware incident that crippled the Colonial Pipeline underscore the urgency of safeguarding both legacy and future platforms from malicious actors.
Defending against exploits in these densely interconnected device networks poses a formidable challenge for developers of hardware, firmware, and software, as well as for cybersecurity specialists. Operators must continuously monitor embedded systems to ensure proper operation and detect suspicious activity, because hidden faults—whether from hardware degradation or cyber intrusion—can trigger catastrophic failures.
Building a resilient, defensible infrastructure requires a layered approach that assesses reliability at every level—from silicon to firmware to application. In this article, we examine recent advancements in cybersecurity for the software that controls infrastructure IoT devices, and we explore how trends in application performance monitoring (APM) influence embedded‑system design.
Critical infrastructure versus IT infrastructure
Security concerns surrounding IoT in critical infrastructure are profound, especially as new investments will add millions of connected embedded devices that must be monitored and protected. Each new device and every connection it makes presents an additional attack surface.

Figure 1. As millions of embedded connected devices are created, security concerns will become more pronounced as there are now many more devices that must be monitored. (Source: freepik)
To avoid confusion, we clarify key terms. Operational Technology (OT) refers to the physical hardware that monitors and controls physical processes. Information Technology (IT) encompasses the software that processes data within those devices. The boundaries between OT and IT are increasingly blurred as the physical world goes digital—what is often called the Internet of Things (IoT).
While IT infrastructure is undoubtedly critical to the IoT ecosystem, for our purposes “critical infrastructure” refers to the assets outlined in the Biden American Jobs Plan. Under the 2001 USA Patriot Act definition, it includes systems whose impairment would have a debilitating impact on national security, economic security, public health, or safety.
IoT and embedded systems will form the backbone of new infrastructure projects and will enhance existing facilities.
Although critical and IT infrastructure are distinct, the security of both is paramount. Attacks on IT infrastructure are easier to execute but can produce equally disastrous outcomes, as recent breaches of water‑supply systems demonstrate.
Cybersecurity of critical infrastructure embedded systems
Prominent infrastructure attacks, coupled with the broader rise in cybercrime, have prompted governments worldwide to intensify scrutiny of IoT devices and embedded‑system security.
Late last year, Congress passed the IoT Cybersecurity Act of 2020, tightening security standards for IoT devices used by federal agencies. While the Act does not cover all IoT deployments in critical infrastructure, its influence is expected to ripple throughout the industry.
During the Act’s debate, the National Institute of Standards and Technology (NIST) released two pivotal documents that will shape future IoT security standards. The IoT Device Cybersecurity Capability Core Baseline establishes minimal security requirements for protecting devices and their data, while the Foundational Cybersecurity Activities for IoT Device Manufacturers outlines the controls manufacturers should integrate, with a particular focus on continuous system monitoring.
In Europe, the European Union is amending its Directive on Security of Network and Information Systems to address emerging infrastructure threats.
Embedded‑system developers closely monitor these regulatory developments. Although many requirements are aspirational today, they will eventually crystallize into concrete device‑design mandates.
Trends in application performance monitoring
For insights into future embedded‑system cybersecurity design, developers can look to trends in other IT performance and security domains, such as network application performance monitoring (APM).
However, the applications that oversee embedded systems in critical infrastructure are prime targets for dedicated adversaries. APM will become a cornerstone of maintaining security, and developers must understand how APM tools will interact with their devices and shape design requirements.
Streamlining data collection and transmission
Current networks already struggle with bandwidth constraints when handling large numbers of connected devices. Imagine the challenge if the device count were to grow tenfold or more. When network issues sever the link between an embedded device and its remote monitoring platform, the device becomes more vulnerable to exploitation.
Investing in experienced network administrators is one mitigation strategy. Network administration is projected to grow by over 42,000 jobs in the coming year, reflecting the critical need for professionals who install security systems, optimize network performance, and troubleshoot hardware and software.
Local artificial intelligence (AI) may also help. APM developers are exploring lossless compression techniques to deliver high‑quality data over constrained bandwidth, while embedded‑system engineers must continue refining on‑board compression algorithms.
Use of artificial intelligence and machine learning
AI and machine learning are increasingly integral to APM, to the point that Gartner coined the term “AIOps.” AIOps shifts APM from reactive issue resolution to proactive problem identification.

Figure 2. One of the biggest developments over the last few years has been the increasing reliance of APM on artificial intelligence. (Source: pixabay)
In addition, AIOps automates remediation after problem detection. Embedded‑system developers can adopt AI to build proactive, application‑level cyber‑attack detection.
While AI training is often performed off‑device—leveraging powerful cloud resources to process massive datasets—edge AI is gaining traction. Developers should assess the feasibility of on‑board AI for local security monitoring, keeping in mind the high computational demands of current AI models.
Converged application and infrastructure monitoring
Protecting every facet of an embedded system, from the underlying hardware to the applications it runs, requires a unified monitoring approach. Relying on isolated component checks is giving way to a holistic observability model that delivers real‑time insights, enabling quicker anomaly detection and threat mitigation.
Automation
Manually managing the vast data streams and analyses required for a modern cybersecurity program is nearly impossible. Automation is therefore indispensable for future security strategies. For example, APM effectively identifies the presence of an attack, but it is even more powerful when paired with systems that automatically pinpoint vulnerabilities.
Cybersecurity expert Barbara Ericson of Cloud Defense notes, “You can employ traditional and linear vulnerability scanners or use adaptive vulnerability scanners to search for specific things based on prior experience. Fortunately, vulnerability scanners can be automated if you pick up good vulnerability management software. By automating your scans, you’ll ensure that your organization is constantly assessed for new threats and you won’t have to waste too much manpower on regularly scheduled scans.”
Embedded‑device developers must also enhance automation for monitoring potential attacks and for implementing automatic corrective actions when issues arise.
Conclusion
As the United States embarks on large‑scale infrastructure upgrades, the volume of IoT in critical infrastructure will expand dramatically—heightening the risk of cyberattacks. Embedded‑device developers must prioritize the integration of novel, on‑board cybersecurity controls to guarantee the reliability and safety of essential services.