After plenty of talk, a wave of real action aimed at solving the Internet of Things's security problems is on the rise.
At least twice a week someone pings me with an idea for a guest article on how engineers must solve security problems if the Internet of Things is going to reach its potential. After plenty of talk on the topic, a wave of real action is on the rise.
The Intel-led Open Interconnect Consortium, which is defining a high-level IoT software stack, recently called for engineers to join its work on security. I know its rival, the Thread Group, is engaged in similar work. The IEEE is taking a different tack, organizing an effort in which policy makers join engineers.
IoT security was a hot topic at the recent RSA Conference. The Trusted Computing Group put out a white paper there about how to embed its approach to a hardware root of trust in resource-limited IoT nodes.
Stanford University recently wrapped up a seminar on the topic. Another good reference is this list of the ten top attack sites for IoT.
Imagination Technologies recently announced it is developing its own approach called OmniShield based on TCG concepts. It plans to offer new features such as support for multiple secure domains, but its APIs probably won’t be ready until sometime next year.
Just yesterday, I got a note about the new Securing Smart Cities not-for-profit initiative. Security researchers at IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance created the effort to share information about cybersecurity challenges.
In the engineering toolbox, veteran embedded-systems consultant Larry Mittag recently noted that Ubuntu’s Linux distribution for IoT, Snappy, has enforced application isolation as part of its built-in security. Separately, Max Maxfield reported on security tools for SoC and FPGA designers from Tortuga Logic and noted several IoT security sessions at the upcoming Embedded Systems Conference in Silicon Valley, which he is organizing.
The Global Semiconductor Alliance recently released a report on IoT that called out security issues, as noted in a story by my colleague Junko Yoshida. And today, IBM released the annual report from the Ponemon Institute on the state of Internet security generally.
The Ponemon study of 350 global companies across all industries said the average total cost of a data breach increased 23 percent over two years to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased six percent to $154. However, the cost in healthcare companies was as high as $363.
The higher costs of breaches may be due in part to wider use of forensic tools, the study said. But it also made it clear there’s plenty of room for better tools. The study estimated a mean time to identify a data breach at 206 days with a range of 20 to 582 days. The mean time to contain one was 69 days with a range of 7 to 175 days.
As big as these data breaches in the headlines are, they may be just the tip of the iceberg for a society moving into a world of networked things. The good news is work on the standards and tools is clearly underway, and the efforts have plenty of headroom.
— Rick Merritt, Silicon Valley Bureau Chief, EE Times
The Embedded Systems Conference and EE Times are owned by UBM Canon.