Secure by Design : Necessary for the IoT Revolution

Stefan Pircalabu
Illustration: © IoT For All

How many industrial companies take cybersecurity seriously when creating their equipment? You would think all of them do that, right? Wrong.

Most companies allocate most resources to productivity and assure that their equipment has little or no downtime. Few of them ever take the problem of securing their devices seriously. Some even keep their devices disconnected from any outside source, limiting their capabilities to make sure they are secure.

There is, however, a way to make sure that your devices are safe from any malicious intent. Making your equipment secure by design — or using a device that does that for you.

In this article, you will learn about what “secure by design” means, how you can design your industrial equipment to be secure, and how to create a security “prosthesis” for the devices that already have security flaws in their design and functionality.

Secure by Design — How To?

What is secure by design? It means that you assess possible vulnerabilities at each step of your product development. For each functionality you add, communication channel, hardware, or software component you use, security risks must be identified and addressed. Then, you assure you have countermeasures in place in case of any possible malicious action someone might take.

IoT devices have the advantage of not being affected by communication latency (in most cases). Security and energy consumption are their primary concern. This enables most IoT devices to be designed in an extremely secure manner if companies allocate the time and resources. However, most companies rush their devices to market without giving too much thought to security. This usually happens because of the pressure executives, with limited technical knowledge, put on their developers. Or maybe because of the financial limitations, in the case of startups.

Most companies use the “security through obscurity” approach , which means that they don’t need to fix them if they don’t reveal their vulnerabilities. That is, obviously, a terrible approach.

To ensure your company’s security, you must not stop designing every individual device to be secure. It would help if you also dived into network security. Devices must be able to interact with each other safely. Towards this purpose, secure communication protocols and data transfer channels must be chosen carefully.

Devices need to know each other and not allow external unsafe devices to join their “conversation.” This can be achieved by storing critical IDs and credentials so that they cannot be altered. Those can be stored in highly secure software compartments. Even better, they can be stored using various hardware techniques and components, different from the easily accessible binary memory.

How to Secure Deployed Equipment

Remember the “security prosthesis” mentioned at the beginning of the article? That is a hardware component that can be easily integrated with the equipment that requires increased security. A chip that can offer protection to the devices designed with poor or no security in mind — you would be surprised how many are there. When used on the entirety of a company’s IoT devices, this chip can create a very secure internal network.

There are two main reasons why this kind of device is needed.

Firstly, there are numerous industrial devices out there that were not designed with security in mind. Some of them may be connected, thus endangering their company. Others work unconnected so that they can be safe. However, the future of IoT requires connectivity. This “prosthesis” will ensure that the future is possible.

Secondly, IoT devices will continue to be produced, with companies still ignoring their technology’s security aspect. That is why they will require a security component that can take this burden off their chest.

Few companies currently develop a solution like this. Some of them are implemented by using the most recent advances in hardware technology and microelectronics. Power-efficient hardware components dedicated to cybersecurity are a must for the future of IoT. This industry requires a more efficient combination of hardware-software security solutions rather than software-only security solutions — which usually are very weak and power-hungry.

Security :  The Ever-Present Underdog

Cybersecurity certainly doesn’t get too much media attention. Yet, it is crucial to the future. The number of connected devices is growing exponentially, and so is the data generated by them. Since they are related, so too will the breaches and potential points of failure.

Lately, it seems that the world is stuck on creating software solutions for everything. But they forget that hardware made the digital revolution possible. In the same manner, hardware will secure the future of IoT and ensure the next revolution. Companies who are serious about security should make their own hardware.

Stefan Pircalabu
Stefan Pircalabu
I'm passionate about AI, IoT, Hardware & security
I'm passionate about AI, IoT, Hardware & security