The IoT security stable door is still open; is it too late to bolt it?

1 min read

The CEO roundtable at electronica – held two weeks ago in Munich – is one of the event’s set pieces. As the title suggests, a number of industry leaders get together for an hour long discussion of a topic of the moment – as long as the questions are easy.

This year’s roundtable – ‘Connected Worlds – Safe and Secure’ – was, in some ways, a reprise of the 2014 roundtable, which explored the IoT in general and recognised that security needed to be addressed.

The discussion roamed around a couple of obvious themes, but by the end of the session, it became apparent that the semiconductor industry’s representatives – if not taking a step back – believe security isn’t a problem they have to solve alone. Application and software developers, the message appeared to say, have as much – if not more – responsibility.

In some respects, IoT security hasn’t made any great leaps forward in the last two years, but the panellists agreed the challenge continues to grow. A newcomer – Professor Frank Fitzer from TU Dresden – asked ‘who are the enemies?’. Once, he said, people hacked into systems ‘for fun’. “Now, states are doing the hacking.”

So how can you defend systems against such concerted attacks? Prof Fitzer believes the necessary security could be provided in the network, rather than at the device level. “We need something that monitors network integrity – and that can’t be done in today’s end-to-end system,” he said.

But companies also have a responsibility to design secure products – and this could be enforced by consumers. NXP’s Rick Clemmer pointed out that companies need to establish a reputation for creating products that can’t be hacked. Noting that people associate brands such as BMW with quality, he said companies will have to establish similar levels of brand reputation, allowing consumers to make decisions about product security.

While the consumer might have a positive effect on device security, their purchasing power will always be ‘after the event’; many unsecure products will have reached the market beforehand.

So industry will still have to take the lead – yet one panellist contended ‘some parts of industry don’t care’.

If that is the case, it makes you wonder whether it will be possible for this particular stable door to be bolted.