Security is critical for IoT devices, but how much is needed for various types of devices? Control systems in nuclear plants need a higher level of security than those in a home toaster, but how does an engineer decide? Cybersecurity firm Icon Labs has developed a whitepaper to guide IoT device engineers and manufacturers in IoT security.
Icon Labs worked with customers, industry experts, and analysts to develop the guidelines that are designed to make security design decisions a little simpler. The whitepaper identifies four classes of devices ranging from small, Class 1 (8-bit and 16-bit MCUs) devices that have very little room for additional security protocols, up to complex Class 4 devices that run on embedded Linux, Android, or a full-featured RTOS supporting multiple networking protocols.
The idea for a whitepaper came from the wide variety of security needs and varying levels of knowledge among Icon’s client base. “We decided to do this based on the conversation we’ve had with our customers. Some are coming from an IT centric point of view,” Alan Grau, Icon Lab’s president, told Design News . “They don’t really understand the nuances between an IoT gateway and a larger factory control device. So we decided to develop a whitepaper to explain it.”
Icon discovered that many customers had invested deeply in security without reaching down to every connected device. “People say they’ve done the usual stuff using MacAfee and Cisco. They’ve installed multi-million-dollar solutions, but they have nothing that will scale down to a $10 sensor,” Dave West, VP of professional services at Icon Labs, told us. “Or, they have infrastructure that is 10 or 15 years old that was never intended to be hooked to the Internet and now they’re connecting.”
To read the rest of this article, visit EBN sister site Design News.