Security Tenets for Life Critical Embedded Systems

Revision Date

Life critical embedded systems—whether medical devices, cars that connect to the Internet, Supervisory Control and Data Acquisition (SCADA), industrial control systems (ICS), or other systems—play a crucial role in today’s world. As more and more of these systems become interconnected to the Internet of Things, the need to properly secure these systems from hackers and cyberattacks is becoming increasingly evident.

The Security Tenets for Life Critical Embedded Systems meets this need by providing basic security guidelines meant to ensure that life critical embedded systems across all industries have a common understanding of what is needed to protect human life, prevent loss or severe damage to equipment, and prevent environmental harm. The intent of this document is not to create a mandate or regulation; rather, it seeks to specify a set of prioritized, core technical principles applicable across any industry or organization with life critical embedded systems, which, if implemented, would result in a significantly more secure environment than is currently the norm for life critical embedded systems. These core technical principles offer a starting point for industry-specific consortia and government groups to consider in developing standards and norms and for system developers to use in building or updating life critical embedded systems.

This document was developed by a cross sector working group comprised of Defense Industrial Base and Information Technology Sector members and does not reflect the Department of Homeland Security's position. Please send any inquiries regarding this document to