inexpensive connected products. These devices are made by companies that may not have deep resources to ensure the security inside the products. “Cost is relative. Security is much cheaper if you do it in the device rather than at the system level,” said Yanamadala. “A few pennies spent to secure the chip more robustly is less expensive than securing the brand and avoiding recalls. It may be a two-cent cost, which is cheaper than recalling and fixing products in the field.”
Is Regulation the Answer?
Many of the new IoT devices are popular because they are inexpensive. These devices are pushed for their low cost, and they are not likely to come with sophisticated security. Yet these cheap devices are now a link in the connected chain. “The issue today is that no one really cares about security as long as the device is cheap and it works. The device makers are not like the traditional PC and phones makers who have teams of people working on security,” said Asaf Shen, VP of ARM. “The device makers are already working on the next model. Neither the users nor makers are interested in solving this. Someone has to step in and regulate it.”
Small connected products may ultimately have to comply with security requirements that guard liability in larger products. “The answer may lie in holding companies libel for security vulnerabilities and putting in regulations backed by audits. Having secure processes and being libel to be audited has been around in auto and in the military,” said Tim Dry, a marketing manager at GlobalFoundries. “The path and processes need to be audited and that means guards at the gates.”
[image via Pexels.com]
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.