Secure by design — a necessity for the internet of things revolution

How many industrial companies take cybersecurity seriously when creating their equipment? You would think all of them do that, right? Wrong.

Most companies allocate most resources on productivity and assuring that their equipment has little or no downtime. Few of them ever take the problem of securing their devices seriously. Some even keep their devices disconnected from any outside source, limiting their capabilities to make sure they are secure.

There is, however, a way to make sure that your devices are safe from any malicious intent. Making your equipment secure by design — or using a device that does that for you.

In this article, you will learn about what “secure by design” means. How you can design your industrial equipment to be secure. And how to create a security “prosthesis” for the devices that already have security flaws in their design and functionality.

Security starts from hardware.

Secure by design — how to?

What is secure by design? It means that you assess possible vulnerabilities at each step of your product development. For each functionality you add, communication channel, hardware, or software component you use, security risks must be identified and addressed. Then, you assure that you have countermeasures in place in case of any type of possible malicious action someone might take.

Internet of things devices have the advantage of not being affected so much by communication latency (in most cases). Security and energy consumption are their primary concern. This enables most internet of things devices to be designed in an extremely secure manner if companies allocate the time and resources to do so. However, most companies rush their devices to market without giving too much thought to security. This usually happen because of the pressure executives, with limited knowledge about technology, put on their developers. Or maybe because of the financial limitations, in the case of startups.

Most companies use the “security through obscurity” approach — which means that if they don’t reveal their vulnerabilities, they don’t need to fix them. That is, obviously, a very bad approach.

To ensure the security of your company, you must not stop at designing every individual device to be secure. You must also dive into network security. Devices must be able to interact with each other safely. Towards this purpose, secure communication protocols and data transfer channels must be chosen carefully.

Devices need to know each other and not allow external unsafe devices to join their “conversation”. This can be achieved by storing critical IDs and credentials in such a way that they cannot be altered. Those can be stored in highly secure software compartments. Even better, they can be stored using various hardware techniques and components, different from the easily accessible binary memory.

Photo by David Levêque on Unsplash

How to secure deployed equipment

Remember the “security prosthesis” I mentioned at the beginning of the article? That is a hardware component that can be easily integrated with the equipment that requires increased security. A chip that can offer protection to the devices designed with poor or no security in mind — you would be surprised how many are there.This chip, when used on the entirety of a company’s internet of things devices, can create a very secure internal network.

There are two main reasons why this kind of device is needed.

Firstly, there are numerous industrial devices out there that were not designed with security in mind. Some of them may be connected, thus endangering their company. Others work unconnected so that they can be safe. However, the future of the internet of things requires connectivity. This “prosthesis” will ensure that future is possible.

Secondly, the internet of things devices will continue to be produced, with companies still ignoring the security aspect of their technology. That is why they will require a security component that can take this burden off their chest.

“People who are really serious about software should make their own hardware.”

— Alan Kay

A solution like this is developed currently by a few companies, including mine. Some of them are implemented by using the most recent advances in hardware technology and microelectronics. Power efficient hardware components dedicated to cybersecurity are a must for the future of internet of things. This industry requires a more efficient combination of hardware-software security solutions rather than software only security solutions — which usually are very weak and power hungry.

Photo by Tom Chen on Unsplash

Security — the ever-present underdog

Cybersecurity certainly does not get too much media attention. Yet, it is crucial to the future. The number of connected devices is growing exponentially and so is the data generated by them. Since they are related, so will the breaches and potential points of failure.

Lately, it seems that the world is stuck on creating software solutions for everything. But they forget that hardware made the digital revolution possible. In the same manner, hardware will secure the future of the internet of things and ensure the next revolution. Companies who are serious about security, should make their own hardware.

Related Posts