523,919 active members*
2,070 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

An Eye-Opening Look at Embedded Security (or Not)

April 2017
07
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
An Eye-Opening Look at Embedded Security (or Not)

“In an eye-opening embedded systems safety and security survey conducted by the Barr Group, 28 percent of respondents said the systems they work on could cause injury or fatalities and 60 percent of the respondents said their systems were connected to the Internet. Disturbingly, even when their systems could be dangerous and were on the Internet, 22 percent of engineers said security was not a design requirement on their project.”

The statement above was made by Curt Schwaderer, Editorial Director, of Embedded Computing Design, in his article commenting on the results of the Barr Group’s third annual global survey of 1,700 professional embedded systems designers.

Eye-opening indeed.

The Barr Group concluded that “there are potentially deadly embedded systems that are not designed with appropriate levels of care as well as systems that could be more secure. There is, thus, much work to be done in the embedded systems design community to achieve a safer and more secure world. Fortunately, a lot of what needs to be done is well understood and easy to implement; what appears to be lacking is motivation.”

I couldn’t agree more. Embedded system designers are under extreme pressure to commercialize connected IoT devices rapidly to keep pace with the tremendous growth of the market. However, we know firsthand from speaking with our customers that security is not always a priority in the development phase.  In fact, not many embedded designers are experienced in the nuances of code encryption, integrity protection, and other critical software security mechanisms required to protect Internet-connected devices. It is not reasonable to expect that a very good embedded system developer is also a very good software security expert. The two disciplines don’t necessarily go hand in hand.

The recent cyberattacks on IoT devices, such as CCTV video cameras and digital video recorders, have served to heighten awareness of the vulnerabilities and public safety issues that can be caused by insecure IoT devices. The security threats are just as great in the IIoT, where critical infrastructure can be compromised. But, as the Barr Group’s survey suggests, increased awareness has not necessarily motivated the embedded developer community to consider the available state-of-the-art security mechanisms that currently exist and collaborate with security experts who know how to implement them.

Under the cloud of increasing cybersecurity threats, it is clear that a security by design approach is a necessity for any embedded system development project, whether it be for an IoT device or an Industrial IoT controller or system. The bottom line is that consumer safety is paramount.

There are several great motivational resources available for download today that will help put IoT and IIoT security into perspective: Trusted Computing Group’s Architect’s Guide: IoT Security white paper,  Wibu-Systems’ Licensing and Security for the IoT white paper, and the Industrial Internet Consortium’s Industrial Internet Security Framework Technical Report. All are free to download.

0 comments

Blog Archiv

July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016