The cybersecurity issues
In effect, the deployment of those complex IT infrastructure of inter-connected devices and services creates a new set of security challenges:
Different security model
While Traditional IT entreprise network and IT system are operated by people and employees in a controlled environment, connected devices are in the wild, with little to no user interaction.
Connected devices may either be deployed at large scale or embark multi-purpose and generic processors that are used to replace electronic functions. When reprogrammed by hackers, they may cause a lot of harm.
Infinite window of opportunity
At least, one sample device will get into the hands of the hackers and will be reverse engineered. Flaws and weaknesses will be found.
Security shall be integrated at every stage of product’s development, covering the entire product life-cycle. Traditional methods like detection and surveillance are important, but may be too late and/or not scalable.
Remote scalable attacks
Are the main vector that will used by hackers sooner or later, as it offers attractive business models for them: the cost of deployment is negligible even if their investment for designing the attacks may be high (>1M$).
Cybersecurity is a growing concern, and government are investing in new regulations to ensure that security is included at the design stage of the product. Those that do not meet the requirements will not go to the market.
Challenges associated to the cybersecurity issues
It is critical to clearly understand what is at stake, identify the threats and assets to be protected and define the security requirements for the overall technical infrastructure being deployed. A Risk Analysis needs to be conducted end-to-end, from chip to cloud and at all levels of the technical infrastructure e.g at the chip, device, systems, edge and cloud levels.More details
Security needs to be integrated at the design stage (security-by-design) and embedded in the most effective way wherever it is required in the technical infrastructure. There are many ways to embed security in systems and devices and the selected solution will be the result of a trade-off between cost, security level and performance.More details
Security needs to be insured along the full life-cycle of the infrastructure. For connected devices, this means that security requirements need to consider the device commissioning, de-commissioning and that the device software must be updated while in operation.More details
Trusted Computing Base
Security engineers define the Trusted Computing Base (TCB) as the set of hardware, firmware and software components that are critical to the security of a system. In order to limit the risk of vulnerabilities, the TCB need to be well identified, as small as possible and made-up of components that can be really trusted.More details
How we can help
At ProvenRun, we provide to our customers the Trusted Products and Services that will help them Embed Security within their infrastructure of connected devices and services wherever this is required, e.g at the chip, device, systems, edge and cloud levels with our: