Security where Machine-to-Machine (M2M) and the Internet of Things (IoT) is concerned is uppermost on everybody’s minds, these days. A white paper brought out by Wind River, a company that has been working in the field of embedded technology solutions for almost three decades, says security “cannot be thought of as an add-on to a device, but rather as integral to the device’s reliable functioning.”
The paper, authored by A J Shipley, Sr. Director, Security Solutions, Wind River, says how important it is for software security controls to be introduced at the operating system level to take advantage of the hardware security capabilities now entering the market, and extend it up through the device stack to continuously maintain the trusted computing base. Building security in at the OS level takes the onus off device designers and developers to configure systems to mitigate threats and ensure their platforms are safe.
The transition from closed networks to enterprise IT networks to the public Internet is
accelerating at an alarming pace—and justly raising alarms about security. Thus, the question before all of us today is: As we become increasingly reliant on intelligent, interconnected devices in amost every aspect of our lives, how do we protect potentially billions of them from intrusions and interference that could compromise personal privacy or threaten public safety?
Unfortunately, there is no “silver bullet” that can effectively mitigate every possible cyberthreat, explains the white paper. The good news, though, is that tried-and-true IT security controls that have evolved over the past 25 years can be just as effective for IoT—provided they are adapted to the “unique” constraints of the embedded devices that will increasingly comprise networks of the future.
Security at both the device and network levels is critical to the operation of IoT. The same intelligence that enables devices to perform their tasks must also enable them to recognise and counteract threats, writes Shipley in the paper. Security must be addressed throughout the device lifecycle, from the initial design to the operational environment: from booting to access control to the downloading of patches.
Image Credit: Wind River
– Advertising Message –