Security needs to be insured along the full life-cycle of the infrastructure. For connected devices, this means that security requirements need to consider the device commissioning, de-commissioning and that the device software must be updated while in operation.
Security engineers define the Trusted Computing Base (TCB) as the set of hardware, firmware and software components that are critical to the security of a system. In order to limit the risk of vulnerabilities, the TCB need to be well identified, as small as possible and made-up of components that can be really trusted.
Security needs to be integrated at the design stage (security-by-design) and embedded in the most effective way wherever it is required in the technical infrastructure. There are many ways to embed security in systems and devices and the selected solution will be the result of a trade-off between cost, security level and performance.
It is critical to clearly understand what is at stake, identify the threats and assets to be protected and define the security requirements for the overall technical infrastructure being deployed. A Risk Analysis needs to be conducted end-to-end, from chip to cloud and at all levels of the technical infrastructure e.g at the chip, device, systems, edge and cloud levels.