search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
SMART TECH & IOT FEATURE


A DIGITAL DYSTOPIA – AN INTUITIVE IOTOPIA?


Securing individual devices has assisted the embedded industry in this digital age. But what about the wider network? With information substituting as a valuable, vulnerable currency in the computing world, Gil Bernabeu, technical director, GlobalPlatform, argues how standardisation could help protect this asset


T


he IoT ecosystem needs to get serious about cybersecurity. There were 105 million cyberattacks on IoT devices in the first half of this year alone. What’s more, there are more devices to secure than ever before: the total installed base of IoT connected devices is predicted to reach 75.44 billion worldwide by 2025. Many of these devices – from sensors and actuators to automobiles and industrial machinery – do more than just provide information: they can make use of sensitive data, impacting the physical world, in often critical ways. But it’s not just the amount of devices that is the problem; embedding connectivity can turn any object into an IoT device, so it’s no longer about the number of things but the number of types of things. And as a wider variety of objects become connected, many new manufacturers, particularly those whose products have traditionally been used without connectivity, have insufficient cyber security expertise. This leads to many underestimating the seriousness of the problem – device manufacturers and service providers spend only 11 per cent of their total IoT budget on security. Action needs to be taken and fast: the average time that it takes for an IoT device to be attacked, once connected to the internet, is just five minutes. Along with this, consumers aren’t as informed as they should be. Even though 54 per cent of consumers own an average of four IoT devices, only 14 per cent believe that they are knowledgeable on IoT device security. When the lack of understanding among end users on the security risks is combined with the scope of devices that need to be secured, the challenge for the industry is plain to see. The attack surface is huge, leaving all end users, service providers and manufacturers vulnerable.


SOLVING THE SECURITY STRUGGLE It is essential that these gaps in the IoT ecosystem are filled to mitigate the concerning security issues. And it cannot be an afterthought – effective security


needs to be built into the device from the very beginning. Foundational security is fundamental to ensuring that digital services and devices can be trusted and securely managed throughout their lifecycle. This starts with verifying if devices have been built using ‘secure by design’ methodologies. These devices should be manageable throughout their life to enable updates and maintenance of services, as requirements and threats evolve.


PAVING THE WAY TO STANDARDISED SECURITY GlobalPlatform is working to address the security concerns facing the IoT ecosystem so that its potential can be realised. As a non-profit association driven by its member companies, the focus of GlobalPlatform is the standardisation and interoperability of application management within secure components like Secure Elements (SE). Building on its existing work to secure the IoT, GlobalPlatform has now introduced IoTopia, which proposes a common framework for standardising the design, certification, deployment and management of IoT devices. IoTopia device security will be testable and shall meet vertical market requirements by building upon the following four foundational pillars: Secure by design: Specific, detailed capabilities and features that go beyond best practice, and define how secure components and APIs can be used with existing secure by design standards. Device intent: What is this thing? Who is responsible for it? How do I protect it and my business? Is it behaving as it should? IoTopia proposes to leverage IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to effectively manage device permissions and access on networks. Autonomous, scalable, secure onboarding for IoT devices: IoTopia will offer an open, standards-based, secure onboarding process to streamline network administration. This process


/ ELECTRONICS


Gil Bernabeu, technical director, GlobalPlatform


will help solve problems for network administrators, restructuring the many and varying types of things that need to connect to their networks. Device lifecycle management: Software, firmware and hardware patching and updates, update tracking, end-of-life support/service, to effectively manage devices throughout their entire lifecycle, including updates and maintenance to services, in line with international regulations. These will help device manufacturers, device owners, network vendors and IT staff to implement product end-of-life. These four pillars will deliver a common, cross industry IoT security framework to device makers, hoping to deliver the standards-based approach to IoT security implementation that the ecosystem requires.


GlobalPlatform www.globalplatform.org


ELECTRONICS | DECEMBER/JANUARY 2020


39


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52