IoT Security Groundswell Gathers

At least twice a week someone pings me with an idea for a guest article on how engineers must solve security problems if the Internet of Things is going to reach its potential. After plenty of talk on the topic, a wave of real action is on the rise.

The Intel-led Open Interconnect Consortium defining a high-level IoT software stack recently called for engineers to join its work on security. I know its rival, the Thread Group, is engaged in similar work. The IEEE is taking a different tack, organizing an effort in which policy makers to join engineers

IoT security was a hot topic at the recent RSA Conference. The Trusted Computing Group put out a white paper there about how to embed in resource-limited IoT nodes its approach to a hardware root of trust.

Stanford University recently wrapped up a seminar on the topic. Another good reference is this list of the ten top attack sites for IoT.

Imagination Technologies recently announced is developing its own approach called OmniShield based on TCG concepts. It plans to offer new features such as support for multiple secure domains, but its APIs probably won’t be ready until sometime next year.

Just yesterday, I got a note about the new Securing Smart Cities not-for-profit initiative. Security researchers at IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance created the effort to share information about cybersecurity challenges.

In the engineering toolbox, veteran embedded-systems consultant Larry Mittag recently noted Ubuntu’s Linux distribution for IoT, Snappy, has enforced application isolation as part of its built in security. Separately, Max Maxfield reported on security tools for SoC and FPGA designers from Tortuga Logic and noted several IoT security sessions at the upcoming Embedded Systems Conference in Silicon Valley he is organizing.

The Global Semiconductor Alliance recently released a report on IoT that called out security issues as noted in a story by my colleague Junko Yoshida. Ad today, IBM released the annual report from the Ponemon Institute on the state of Internet security generally.

The Ponemon study of 350 global companies across all industries said the average total cost of a data breach increased 23 percent over two years to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased six percent to $154. However, the cost in healthcare companies was as high as $363.

To read the rest of this article, visit EBN sister site EE Times.


0 comments on “IoT Security Groundswell Gathers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.