Firmware Management Best Practices Guide for Energy Infrastructure Embedded Control Devices

This paper identifies a set of best practices regarding firmware management and security for embedded control devices that are critical components of an energy infrastructure system. Such systems are considered an aspect of Utility Monitoring and Control Systems (UMCS) in the DOD community, but the practices presented in this report are equally applicable to the civilian sector as well as the national critical infrastructure systems identified by the Department of Homeland Security that utilize embedded devices for control and monitoring purposes. The intended audience are vendors of embedded devices and firmware as well as the military bases that receive and apply updates of the firmware to their infrastructure. The importance of secure firmware management practices by both vendors and customers as well as the definition and operation of firmware within an embedded control device are provided initially for context and background. Secure development and distribution methods of vendor firmware is then addressed. The report next provides best practices for customer storage and organization of firmware in addition to the performance of security checks for verification purposes. Application of updates to embedded devices and retention practices of firmware are discussed as well. Finally, a section on how DOD detects and responds to malicious firmware is included as an example of how best practices can be integrated with critical infrastructure monitoring. References and an Appendix describing an example best practices firmware update process of for an electrical power distribution relay conclude the paper.