As smart devices that can anticipate and automate our needs continue to evolve, it's important that we consider ways to make the infrastructures on which they are deployed more secure and resilient. That work starts with the devices themselves.
Our CTO Lars Reger made this point in Brussels last week, speaking at an event hosted by the Charter of Trust, a cross-industry group dedicated to promoting cybersecurity, data integrity and protection, and building confidence in a networked, digital world (NXP is a member).
It’s no secret that the edge of computer networks is where the action is for technology innovation and the development of services. The edge delivers devices that can sense, think and act locally instead of being wholly dependent on computing and directional controls from distant servers reached via the cloud.
Globally, more than 50 billion connected devices are expected to be in use by the middle of the decade, and this will apply to family residences, offices, factories and other industrial uses (power utilities, for instance).
Such smart connected edge devices will need to manage security- and functional-safety-relevant activities, both to ensure they do not malfunction and to prevent tampering by malicious attackers. Therefore users, infrastructure operators and ultimately IoT developers must be able to trust every device and component, as well as the cyber resilience of infrastructures overall. This is where certification plays such an important role because it imprints these devices with the necessary trustworthiness.
Further to Lars’ specific Charter of Trust comments, one very promising security standard for IoT platforms was first published in March 2020: SESIP, for Security Evaluation Standard for IoT Platforms. At its heart, it’s a security evaluation methodology that can certify components for safe use across industries, so an approved microchip could be reliably used in, say, an industrial, automotive or medical application.
Certification provides confidence to manufacturers and providers as SESIP’s evaluation methods provide independent proof of security at both the hardware level, for attributes like cryptographic acceleration and secure storage mechanisms, and at the software level for qualities such as user authentication. SESIP allows IoT developers to re-use certification results, which will help eliminate the need to retest components and thereby reduce complexity, cost and time-to-market for stakeholders. Ultimately, the objective is to build consistency across relevant certification schemes to facilitate product evaluation and certificate recognition.
The demand for semiconductors to enable the edge is already great and growing, and such standards help drive acceptance of cybersecurity in the EU.
The most resilient infrastructures of tomorrow will incorporate today’s best thinking about how to secure their foundational components found at the edge, and then literally build on that resilience.
SESIP helps make those foundational components more secure.