EEJournal

editor's blog

IoT Paranoia – Not a Bad Thing

While the Internet of Things (IoT) is full of promise, there’s one word that summarizes all that people fear about it: security.

We got to hear a bit about that at a session dedicated to the topic at the recent Internet of Things Engineering Summit co-conference at EE Live. Presented by consultant George Neville-Neil, it wasn’t about technology per se; it was about our state of mind.

Most of us believe it’s important to keep intruders out. His main takeaway: assume they will get in. Because, eventually, they will. Building sturdy walls is good and important, but planning for what happens next is also important.

What caught my ear in particular was one of the less-obvious possible consequences of not minding the store properly: a “consent decree.” I’ve heard the term in a generic sense, but it’s not obvious what the implications are if you’ve never had one (which I haven’t, which is why I asked). Apparently, if you’ve been careless with security, a consent decree allows the Federal Trade Commission (FTC) to become your overseer, getting all up in your business and stepping in when they want. Most of all, the documentation required during the term of the decree sounds particularly onerous. So… avoid this.

That aside, here is my attempt to summarize his supporting recommendations (“attempt” because I was writing furiously to keep up):

  • Shrink the “attack surface” (i.e., expose less). That covers drivers, daemons, features, debug access, web servers, data loggers, etc.
  • Separate out “concerns.” I.e., no processes with root access or super-control; restrict access to data. Nothing gets access to anything irrelevant.
  • “Defense in Depth” – rings of security. What happens when the first wall is breached?
  • Provide only those features really needed. (OK, marketing will have a fun time with this. You know the drill:
    • Marketing: Here are the features we need in the next release.
    • Engineering: You can’t have them all; which ones do you really need?
    • Marketing: We need them all. We didn’t bother asking for the nice-to-haves.
    • Engineering: Well, which of these do you need least?

In other words, marketing probably already thinks they’re getting less than the really-needed features.)

  • Be conservative in what data you accept and send.
  • Review your code.
  • Review other people’s code – especially when incorporating someone else’s code or IP. Do an internet search for the package along with words like “crash” or swear words to find red flags.
  • Use “sandboxing” to provide isolation.
  • Use automation to test and analyze your code. Oh, and don’t forget to look at the results.
  • And, the bottom line, “Plan for Compromise.”

And sleep with one eye open. Because They’re coming, you know…
