Semiwiki 400x100 1 final
WP_Term Object
(
    [term_id] => 97
    [name] => Security
    [slug] => security
    [term_group] => 0
    [term_taxonomy_id] => 97
    [taxonomy] => category
    [description] => 
    [parent] => 0
    [count] => 299
    [filter] => raw
    [cat_ID] => 97
    [category_count] => 299
    [category_description] => 
    [cat_name] => Security
    [category_nicename] => security
    [category_parent] => 0
)

How many engineers does it take to get an IoT security certificate?

How many engineers does it take to get an IoT security certificate?
by Diya Soubra on 01-22-2018 at 12:00 pm

Spoiler alert, the answer is none!

Let me take you back to the beginning to explain that answer.


For the sake of this discussion, I will reduce a complex IoT solution to three fundamental blocks:

  • IoT node
  • IoT Gateway
  • IoT Server

The IoT node is a sensor that converts analog, physical world context into digital data. The node has to have a processor to run an IoT protocol stack and a radio to connect to the network. The technology for building nodes is abundant. Every week there is a release of best-in-class devices such as this one:
21016-171115eedn-st-_stm32l4_mcu_series_image_1.jpg
For the radio part, in-between LoRa, SigFox and NB-IoT, system designers have a wide choice to fit each specific vertical application. SigFox seems to be so successful that it has to be attacked with fake news to slow it down.

There is also an abundance of IoT node stacks. Choice is always a good thing to have as a vibrant ecosystem is essential in any industry:

Express Logic’s X-Ware IoT Platform™ to Bring Industrial Grade Connectivity to Thread® Networked Devices

Amazon Free RTOS

ARM Mbed

ARM Coretex-A7 based industrial IoT Gateway From Cascademic Solutions

The conclusion so far is that we have the technology to build and connect a trillion end points in a cost efficient manner.

Moving up, the IoT Gateway benefits from the economy of scale of mobile phones. The same devices used in mobile phones are fit for purpose for gateways. Raspberry Pi copycat boards are on the market for $9.

For gateways, the concern is about software and the ease of bringing web developers to integrate IoT nodes into their web infrastructure. The offer is abundant.

Universal IoT Gateway Middleware – Speed up IoT Development

Once we reach the server side we enter the well established domain of the cloud and cloud software where compute power and storage are infinite. True, we need a new service for IoT node management but that is an add-on to the cloud infrastructure, not a new one. Server software is about converting digital data into information to make decisions which is where the value resides.

Get started with Azure IoT Hub Device Management

IoT solution providers are abundant too. They do magic to pull together all these building blocks into a coherent end to end solution.

KILKA-TECH Portfolio

IOTA Data Marketplace

Smart Energy

Even the subject that I have been ranting about for a long time seems to be en route to be resolved, the IoT Data Market place that removes the need for data brokers. This is the ultimate goal for IoT, automatic node to node contracts on the fly.

At this point we should all be feeling very warm and fuzzy. We have solved all the issues blocking the deployment of billions of nodes. right? Yes, except for the question relating to liability in case of a security breach.

Arm took the initiative to highlight this to the industry by issuing a security manifestoand by releasing a Platform Security Architecture.

For IoT, we are talking about thousands of companies and verticals. How does a company manage the liability from a security breach across millions of nodes? Usually there is a set of industry specific regulations that one can certify a solution against and thus limit the liability in case of a hack.

Given the lack of governmental IoT security regulations then there is no certification possible hence the number of engineers required to certify an IoT node is zero. et voila!

Yes, I know, it took a while to get to this point.

In the past five years the industry has taken giant steps to supply all the building blocks required to release the value locked in IoT deployment, at scale. We are at the finish line with IoT security certification and regulations. Relativity tells us that time runs slower in political circles than in hi-tech. Eventually we will start to see regulations issued world wide for IoT security. Once the regulation is in place then we need to sort out the logistics of certification for a trillion nodes with firmware that changes over time. Meanwhile may be we should explore self certification in the spirit of the security manifesto!

Thousands of verticals with millions of nodes each, such exciting opportunities!

Share this post via:

Comments

There are no comments yet.

You must register or log in to view/post comments.