Feature: Software
vulnerabilities will be discovered and soſtware updates needed throughout the device’s life. Te ability to reboot securely aſter a device has been compromised is essential.
Resilience is crucial Resiliency is critical when it comes to an organisation addressing strategic, financial, operational and informational cyber risks – especially when growing and undergoing digital transformation. Te most important component for resiliency is identity and access management, as administrators handle critical components within their networks. Who, what and when are crucial parameters to monitor
through all the network’s layers in order to stay on top of its health. Accessing systems and their ability to carry out system checks requires many sensors, to help detect abnormal behaviour and deviation from normal patterns. To build a productive and effective security system, there
must be the two major security building blocks: Te security orchestration, automation and response systems (SOAR), and security information and event management (SIEM). Te ETSI standard also builds on the work of TCG’s Cyber
Resilient Technologies Work Group, which aims to make IoT devices more robust. Tis will give them the best chance of applying safeguards through protection from persistent code and configuration data detection, when vulnerabilities are leſt unpatched or when corruption has occurred and the capability to reliably return to a known, good state, even if the platform is compromised. Protection techniques lessen the likelihood that malware
is able to persist by itself. To build resiliency, it is important that developers look at ways to protect systems with updatable
persistent code and configuration data, to limit the chances of malware remaining, whilst ensuring that code and data within the device remain safe. It is also crucial that detection techniques be integrated,
to guarantee a platform remains healthy once the device is disconnected, using standalone measures such as secure boot or remote attestation. Detection includes the creation of evidence about the kind of platform and where a verifier could obtain accurate health information. Once the detection techniques identify a problem, a recovery
state is vital. When triggered, recovery will try to return the device to a functional state, which could involve updating code or changing security settings. For connected devices, such as those deployed within the consumer IoT industry, this helps identify misconfigured or unpatched code. It also allows for reliable deployment of updates by the manufacturer, service provider or end user, to ensure that the security built in at the design stage continues to protect the device until its end of life.
A safe, secure future With the number of cloud-connected devices set to rise within the home, car, industry and elsewhere as technology advances, the ETSI standard alongside the incorporated TCG technologies will play an important role in safeguarding enormous amounts of personal data from interception and networks under attack. By encouraging a security-first approach and building on essential principles of updating, protection and resilience, billions of IoT systems will benefit from a safe, secure future, despite a growing rise in cyber security risks as more and more applications connect to the cloud in this increasingly-growing connected world.
www.electronicsworld.co.uk July/ August 2022 27
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
