For the Iot to Deliver, We Need to Agree on How We Secure It
Few of us would consult with a doctor who did not have some kind of medical certification, give our child a toy that hadnโt passed basic safety standards or install a water heater that had not been certified to meet industry regulations.
Yet every day, companies of all sizes are designing, deploying, and trying to manage thousands of Internet of things (IoT) devices without common standards, regulations, or a consistent approach to IoT security.
Who hasnโt heard of the hackers who stole the details of a casino’s high-roller database through a poorly protected thermometer in the lobbyโs fish tank? Or researchers who discovered a way to access a robot-connected vacuum cleaner and spy on the homeowner through its onboard camera and microphone?
IoT devicesโfrom intelligent edge gateways to ultra-constrained sensorsโare permeating every aspect of our lives and transforming entire industries. IoT security has to be uniformly and effectively addressed to build trust, and with trust the IoT can scale and deliver value to new and emerging services across multiple markets.
Internet of Things security is a growing challenge
As the challenges of IoT security grow and IoT security trends become more complex, everything from cars to baby monitors to pacemakers to lightbulbs are at risk of being compromised, exposing confidential or private data or surrendering control of a wider system as the new weapon of choice in malicious attacks. At worst, whole swathes of IoT devices could be compromised to form a giant botnet capable of taking down high-profile targets.
So how do manufacturers and businesses know how to protect their IoT deployments, and what are they protecting them from?
Today, very few IoT devices are subjected to any security testing, let alone the kind of independent testing that can instil the same level of trust and peace of mind that we get when we visit a licensed medical professional or buy a babyโs toy.
In the Arm 2018 Security Manifesto, Yossi Naar, chief visionary officer and co-founder of cyber security company Cybereason, explained that โin too many cases security features are considered toward the end of the design process when making a product more secure can mean reducing or eliminating features, or even delaying a product release โ outcomes that can hurt sales. Itโs a situation that can end without any winners, with devices released that are inherently insecure.โ
The reasons for this are clear: developers often lack security expertise and access to simple, consistent frameworks that enable them to build on the security capabilities of devices. Combined, these kinds of challenges are reinforcing a lack of trust and slowing uptake in the Internet of Things.
Certification helps build trust
The good news is that many industry organizations and consortia are beginning to promote IoT standards, and regulators are waking up to the need for strident IoT security. However, thereโs still too much fragmentation; in a landscape of immature and fragmented markets with diverse requirements and massive data challenges, there remains a huge need for a consistent and inclusive approach.
In short, only industry-wide certification can help to build trust in devices and create value in existing and emerging use cases.
Consider that the vision for IoT is the deployment of massive numbers of connected devices, all generating a huge volume of data. For businesses, that data is then processed locally, at the edge or in the cloud, to generate business insights and drive productivity gains.
However, the validity of those business insights is predicated on those devices and their data being trusted. This trust can only be established by having the right level of security for the given use case. And only independent security certification can establish the trust necessary for IoT to deliver business value.
Multi-level assurance and robustness
In working closely with our partners to help mitigate these risks and challenges, we recognised that if the reality of a trillion connected devices is to be met, we needed to develop a trusted framework for IoT security that the industry can follow to build-in consistent security from the ground up. The result was the Platform Security Architecture, or PSA โ an architecture-agnostic framework that many manufacturers are already using to implement the right level of security for their IoT projects.
PSA has four key elements: analysis, architect, implement and certify. Arm has freely published the specifications, threat models, and reference firmware related to PSA, and PSA has received wide industry support as a cost-effective and consistent security initiative.
To complement PSA, in February 2019 PSA Certified was launched. PSA Certified is an independent certification scheme that enables silicon vendors, OS vendors, and OEMs, to build trust in devices and the services that rely on them.
PSA Certified was developed in partnership with leading test laboratories and security consultants to ensure independence and the broadest market enablement. These labs include Brightsight, CAICT, Riscure and UL, and external security consultants Prove and Run.
Through the close collaboration of industry experts, all with the common goal of raising the security bar, PSA Certified has been designed as a multi-level assurance and robustness scheme. Several leading silicon vendors are already PSA Certified at Level 1. A multi-level scheme is important because clearly a one-size fits all approach to IoT security doesnโt meet the breadth of business or IoT use case needs.
Scale IoT with PSA Certified
The multi-level nature of PSA Certified allows companies to determine and then independently verify the right level of security for their use case. Once the right level of assurance and robustness is reached, trusted service deployment at scale can be achieved.
If the reality of a trillion connected devices is to be met, many of which will spend years in the field, we must build trust into those devices through simple, independent multi-level IoT security certification and consistent developer APIs. Only then can consumers rest easy that they made the right choice, and businesses realize the full potential of IoT.
Platform Security Architecture and the PSA Certified scheme is already helping to secure and scale the Internet of Things (IoT). Discover more at www.psacertified.org.
Any re-use permitted for informational and non-commercial or personal use only.
Editorial Contact
Latest on Twitter
Congratulations to Tamika Curry Smith, our Chief DEI Officer who has been chosen as one of @SavoyNetwork's Most Influential Executives in Corporate America for 2024. ๐
The honor recognizes Tamika's commitment to community, leadership, and success: https://okt.to/2NvDOZ
This #EarthDay, we're celebrating our collaboration with @UNICEF, to unlock the life-changing potential of technology in Malawi.๐ง
Our investment has helped UNICEF install two water supply systems, helping provide 11,000 people with access to safe water and sanitation services.
ISA parity isย accelerating silicon and software deploymentย in automotive!ย ๐๐จ
ย
๐ย At #ew24 we showcased what this looks like in practiceย via virtual platformsย with our Neoverse-based cloud instances and new Arm AE IP, which brings almost 100% ISA parity. https://okt.to/cjVaFN
The future of automotive is here.ย ๐
ย
Hear from Dipti Vachani on @IBDinvestors as she shares details on the game-changing performance and functional safety features of our new Armv9-based AE processors and server-class Neoverse technology:ย https://okt.to/WVtw58
AI is expected to increase data center power consumption 3๏ธโฃx by 2030.
To offset this, hyperscalers like Amazon and Google turn to Arm Neoverse to reduce power without compromising performance.
That's why the future of AI is built #onArm. https://okt.to/LPVFWd
We're working with our partners @Simprints, @Gavi and @_GHSofficial to enable healthcare equity in Ghana.
Built #onArm, Simprints technology is enabling vaccine equity by making it easier to verify vaccine delivery by individual:ย https://okt.to/MIcgxu
If Arm technology is in there, then the future will be too.
Our energy-efficient compute platforms are foundational to the world's technology and AI computing, shaping how we work, play and connect.
That's why the future is built #onArm. https://okt.to/M9wqc8
Here's to a fantastic week at Embedded World! ๐
From lightning talks and speaker sessions to demos of our latest automotive and IoT technologies, we brought our vast ecosystem together to showcase what's possible when you build #onArm.
Thank you to everyone that joined us. ๐
๐ย Software-defined vehicles (SDVs) are the future of automotive and they're being built #onArm.
Robert Day joins @Sonatus and @MotorTrend on the latest podcast to talk all things SDVs and where the industry is headed.
๐๐ Listen below.
๐ย And the winner of the Embedded Awards 2024 goes toโฆ @Ambiq_AI's Apollo510 MCU!
This winning tech opens the door to new local AI opportunities on billions of devices.
Listen in as the team talk us through their exceptionally efficient Arm-based SoCs at #EmbeddedWorld.
David Maidment recently shared his thoughts on the future of edge computing at #EmbeddedWorld!
Missed the talk? Catch up on his insights into the evolution of edge computing across billions of diverse connected devices to build a secure AI-enabled future: https://okt.to/EtfSRN
AI is everywhere at this year's #EmbeddedWorld.ย
๐ With the demand for more autonomy, increasingly advanced user experiences and the trend toward electrification Dennis Laudick shares why AI will remain crucial to drive innovation in the software-defined vehicle.
#ew24
Two identical demos. One different NPU.
Our new Ethos-U85 NPU is optimized for transformer networks to deliver the performance needed for edge AI use cases - including high performance voice and vision experiences.
This makes it perfect for AI applications like Genย AI. #ew24
We're ready for the final day of #EmbeddedWorld! ๐
It's been a fantastic show so far showcasing our power-efficient compute platforms that are fueling the future of edge AI.
Reply with an emoji to let us know if you'll be visiting us on the show floor. ๐
#ew24
What's trending at #EmbeddedWorld?
AI, AI and more AI. ๐ฅย
@pnwilliamson shares where you might find edge AI in action from our ecosystem partners building the future #onArm. #ew24
At the Arm booth at #EmbeddedWorld you'll find:
โ
Partner demos from the likes of @NXP, @Ambiq_AI and @_Elektrobit
โ
Partner Lightning Talks from @Microsoft, @EdgeImpulse and more
โ
Our latest IoT and Automotive tech
#ew24
๐ We're taking edge AI innovation to the next level with the new Arm Ethos-U85 NPU and Corstone-320 IoT Reference Design Platform.
@pnwilliamson shares how these new technologies are transforming future voice, audio and vision applications live from #EmbeddedWorld. #ew24
Get to know LaunchX from NetsPresso by @nota_ai, on show at #EmbeddedWorld. ๐
Designed to help you easily convert and benchmark AI models, it supports a ton of Arm-based devices from our partners including Arduino, NXP, Renesas, Raspberry Pi and NVIDIA. #ew24
๐บ๐ธ๐ฏ๐ต We're proud to support new AI research partnerships between universities in the US and Japan.
Through close collaboration between business, academia and government we can continue to advance AI innovation to transform industries and improve lives. https://okt.to/9JbahF
๐ข Custom Arm-based silicon from @GoogleCloud is here!
Axion, built on Armv9 Neoverse V2, will bring performance & energy efficiency gains to AI inferencing & general-purpose workloads, like web and app servers.
Congrats to the team! ๐ https://okt.to/xS4cBN #GoogleCloudNext
It's time for #EmbeddedWorld! ๐
We're in Nuremberg this week showing you how to build your AI-accelerated future #onArm. ๐
Canโt join us in person? Keep up to date on social media for live updates from the show! #ew24
๐ Get ready to accelerate edge AI with the new Arm Ethos-U85 NPU and Corstone-320 IoT Reference Design Platform. โก
With performance and efficiency uplifts, developers can now deliver greater AI compute in smaller, more cost-sensitive devices: https://okt.to/cJPTCQ
When it comes to AI and ML at the edge, challenges like hardware fragmentation and performance optimization stand in the way of widespread adoption.
ย
@pnwilliamson shares how developers can navigate this, with an invitation to join us at Embedded World: https://okt.to/tpsPTd
With the AI boom fueling demand for compute, our CEO Rene Haas speaks to @jchatterleyCNN on the importance of ecosystem collaboration to unlock unique capabilities we've not seen before.ย
ย
Listen to the @CNN podcast at 28:38 for the full interviewย ๐ https://okt.to/mcH1tF
