548,282 active members*
1,958 visitors online*
Register for free
Login Register

Perfection in Protection, Licensing, and Security

The New Breed of Engineers

January 2019
Author: Wibu-Systems
The New Breed of Engineers

I read an interesting article recently, How Do You Create an Internet of Things Workforce?, that was published by the IEEE Computer Society. The gist of the article was that given the significant increase in the development of IoT applications and analytics, it was time to create a separate engineering discipline designed to cover the specific knowledge necessary to build "reliable, efficient, and safe" cyber physical (CPS) or IoT systems. Simply adding one or two IoT or CPS courses to an existing program, the authors argued, was not sufficient enough for students to thoroughly understand the reasons why IoT and CPS are different than existing engineering disciplines.

The authors cited a good example to make their case:

“There are also CPS/IoT applications for healthcare with the goal of improving a patient’s treatment regime. For example, the closed-loop insulin delivery system connecting a glucose monitor to an insulin pump can continuously alter the amount of insulin dosed to a patient to assist in managing the patient’s blood sugar. In fact, any product that continuously monitors patient activity to improve treatment would be an effective IoT application. Imagine how much more effective treatment could be for a Parkinson’s patient when a physician has more than a static snapshot from an office visit exam. With months of data and information, the physician could determine a more effective treatment plan.”

An important takeaway from their example is that an engineering or computer science curriculum developed and/or updated 10 or even 5 years ago would not adequately educate students on the recent and rapid developments in artificial intelligence, machine learning, sensors and the many other sophisticated technologies inherent in future IoT and CPS applications. Furthermore, standard engineering curricula most likely would not adequately address the safety and data security vulnerabilities that are being uncovered and compromised in the cyber-world on a daily basis.

Human safety and data security are key elements in the quest to build “reliable, efficient, and safe” CPS and IoT systems. While I fully agree with the author’s premise, I would add that security would be a major component to any engineering curricula designed to train the new breed of IoT and CPS engineers. And as the authors note, simply adding an IoT or CPS course to existing engineering degree programs is not adequate. Cyber-security is more than an add-on course or two, but rather a core component of an entire program.

This is where the term “security-by-design” comes in.  A security-by-design approach to software and hardware development places the emphasis on building security into the products from the start vs. an afterthought in development. One of the major challenges of IoT security is the fact that security has not typically been considered in product design for devices that have not traditionally been Internet enabled and accessible via a network. While in a typical industrial environment characterized by long machine lifecycles, retrofits in the brown field are still significantly important, as all other green field applications require a plan of attack right from the start.

This is also true for the Industrial Internet of Things, where the emergence of smart electrical grids, connected healthcare devices and hospitals, intelligent transport, smart factories and other types of cyber-physical systems have created large scale attack surfaces.

Hopefully, academia will keep up with the rapidly evolving environment where millions of connected devices are the norm and adequately train the next generation of safety-conscious IoT and CPS engineers. There is much to be learned on many fronts. One document I propose for any engineering curricula is the Industrial Internet Security Framework  published by the Industrial Internet Consortium (IIC). The document is a collaborative work containing the cybersecurity wisdom of IIC members from over 25 different organizations and provides guidance for improving organizational approaches, processes and the use of technologies for creating a trustworthy system. It is an important starting point to understanding the security challenges brought on by the IoT and CPS.

Blog Archiv

November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016