Recognizing that the increasingly ubiquitous connectivity of wired and wireless devices also presents a security challenge that will only grow as what is now called the Internet of Things becomes more pervasive, Green Hills Software has formed its IoT Security Advisors group.
Making the announcement at this week's Embedded Systems Conference at EE Live, David Kleidermacher, chief technology officer of Green Hills Software, said the group is comprised of security experts from all of Green Hills Software’s business units to provide security services for organizations that must manage the daunting privacy and security challenges associated with the IoT.
“The threats associated with having 30 billion connected devices necessitate security becoming the top priority for companies participating in the IoT,” he said. “Our team of IoT Security Advisors brings expert system design and security services to companies that need assistance in this area.”
Beyond the staggering number of devices on the IoT, Kleidermacher said, the types of Things that may be commandeered for nefarious purposes are equally alarming: cars, trains, traffic lights, power grids, factories, and home appliances to name a few.
“Our public safety and privacy must not be at the mercy of anonymous hackers, foreign intelligence services, organized crime, or multinational corporations,” he said. “Manufacturers of insecure devices on the Internet of Things will be subject to lawsuits for invasion of privacy, catastrophic failures from denial of service attacks, recalls, and any harm that comes from devices being commandeered.”
He said the new group is the only security organization with experts that have successfully achieved certification to IEC 15408 (Common Criteria) Evaluation Assurance Level 6+, High Robustness, the highest software security level ever attained. “All other organizations that have attempted to meet this level have failed,” said Kleidermacher, pointing out that EAL 6+, High Robustness is the certification required to protect “high-valued information” against “sophisticated threat agents.”
He said that the scale of the visions for the widespread use of IoT technology requires this kind of security, whether government-mandated or not.
“The IoT will enable organizations and individual users to benefit from increased efficiencies, convenience, and lower costs,” said Kleidermacher. “Unfortunately, a whole new generation of Things will be open to hacking, exploitation, and malware; and security techniques deployed thus far have proven ineffective at protecting consumers, governments, and businesses from determined hackers.”
An indication of the level of threat the company perceives in the rapid and pervasive growth of IoT rollout is the range of security competencies it has incorporated in this new group: NIST FIPS 140-2 (cryptography), DIA DCID 6/3 (classified intelligence information systems), NSA Type-1 (crypto devices), FAA/EASA DO-178B/C (avionics), FDA Class II/III (medical), IEC 61508 (industrial), ISO 26262 (automotive), EN 50128 (railway), and others.
For companies that recognize the seriousness of the security hazards that IoT represents, the security advisors group the company has formed will offer embedded, enterprise, mobile, network, and system security design consulting services, comprising security requirements management, secure software development processes, system architecture, data protection, testing, and security training.
He said that GHS will offer comprehensive certification assistance for IoT developers who must meet security, safety, and quality standards. For those companies that do not know if they have a security problem, the GHS team will offer threat and vulnerability assessment services regardless of industry, hardware, and operating system.
“The Internet of Things is focused on capturing, acting on, and monetizing data in a new world of intelligent systems,” said Michael J. Palma, research manager for IDC. “The distributed, connected nature of these devices opens them up to an array of security concerns and the value of the data will be dependent on its inviolability. This data, the billions of devices, and the networks that support IoT must be secured to drive adoption, protect investments, and win trust from users.”