The new insights come at the end of period when cybersecurity concerns were mostly limited to cloud computing platforms, while embedded application development practices have tended to pay little attention to the need for ongoing maintenance and security.
Today, cloud-native application development and AI use cases are forcing embedded developers to take cybersecurity much more seriously.
Looking ahead over the next six years to the end of the decade, Foundries.io expects embedded device OEMs to face an increasing number of security threats. The more hostile environment will be stoked by geopolitical tensions, and conflict with states that use cybersecurity as a military and political weapon.
Foundries.io makes the point that the security picture will also be made more difficult by the emergence of AI-based software tools that can be used to generate and modify new forms of malware at high speed.
At the same time, according to Foundries.io’s leadership team, the growing use of open-source software (OSS) packages of uncertain provenance provides additional gateways for cyber-attackers to seed vulnerabilities in unprotected embedded products.
In response, a wave of legislation and security standards looks set to come into force, including measures already announced by the EU and US governments: the EU Cyber Resilience Act and the White House and Congress’ National Cybersecurity Strategy. At the same time, consumers’ privacy concerns and a growing awareness of the financial and reputational costs of security breaches will give OEMs a stronger incentive to invest time and money in strengthening their cyber defences.
The Foundries.io forecast predicts that the embedded device industry will be highly motivated to implement new development and device management practices that prioritise security protection.
New workflows implemented from the start of prototype development will allow for functions such as seamless over-the-air (OTA) updating, automatic generation and maintenance of a software bill-of-materials (SBOM) specific to each production unit, and cryptographically verified attestation of the sources of all third-party software packages in a device.
Commenting George Grey, founder and CEO of Foundries.io, said, “Device security is the defining issue of the 2020s for the embedded computing industry. We are no longer makers of ship-and-forget products: every embedded product in all its many variants needs to be continuously protected for its entire lifetime. The new challenge for device OEMs is to implement a smooth workflow that makes the delivery and installation of security updates to a heterogeneous fleet of devices automatic and flawless.”
He continued, “OEMs will also need to put in place update and fleet management frameworks that can cope with new and unknown threats, such as the danger to current cryptographic algorithms posed by quantum computers.”
The Foundries.io forecast for the rest of the decade is based on analysis drawn from current customers and from the leaders of Foundries.io’s technology and product development teams.
The forecast is being used to direct the future development of the next generation of Foundries.io’s FoundriesFactory platform, and its Linux microPlatform (LmP) operating system for Arm Cortex-A, x86 and RISC-V architectures.
New features under development in response to the analysis include tools for automatically attesting the source of open-source software packages, and a new enterprise option for OEMs to own a maintained DevSecOps backend which includes a secure air-gap update and secure OTA infrastructure.
