Last week I had the pleasure of attending the official launch of the IoT Security Foundation. Held on the top floor of the Digital Catapult building in central London, this event included speakers from Beecham Research, NMI, Copper Horse, and Imagination Technologies.
Robin Duke-Woolley, CEO of Beecham Research, set the scene by introducing the IoT security threat map below. Reviewing the different attack points highlighted on the diagram, Duke-Woolley remarked how the IoT market would have to face a significantly larger number of threats than the traditional M2M sector.
According to Beecham Research, the connected devices market will see annual shipments of over five billion devices and a growth rate close to 50% by 2020
This is because M2M platforms tend to focus on specific applications where potential breach attempts are usually a known quantity. On the other hand, the IoT markets are open to many companies building disparate technologies and products that need to work together. The problem facing IoT developers is the lack of uniformity across the different common layers and interfaces used to build Internet-connected devices; this in turn hinders the development of a cross-platform security strategy among various IoT companies, institutions or foundations.
Robin Duke-Woolley concluded that maintaining heightened security in the fast growing IoT market requires a new game plan.
A new security paradigm
NMI chairman Stan Boland was up next talking about the current state of IoT security and what needs to change in the future. Boland talked about an IoT v1.0 that includes disjointed silos of smart sensors transmitting data to gateways and data centers which then use machine learning and other intelligent processing technologies to store and process information.
According to Boland, this approach works fine for small sets of data that are processed locally or independently but fails to scale to truly connected platforms where interoperability is a key concept.
John Moor, VP of new segments at NMI, then stepped up to introduce the IoT Security Foundation. Initially chaired by leading security experts from UK companies and institutions, the Foundation ultimately aims to be a global organization building a top to bottom security framework for connected devices.
Moreover, the IoT Security Foundation is an inclusive forum that doesn’t focus on a specific category of companies, but includes everyone in the manufacturing chain (IP providers, semiconductor designers, OEMs and ODMs, operators and retailers).
Members of the Foundation will be working to provide a holistic approach to security best practices and a cohesive strategy that addresses wide-ranging concerns from multiple stakeholders.
After the Second World War, airline companies worked together to convince the public it was safe to fly. The mission of the IoT Security Foundation is to make it safe to connect. – John Moor, VP of new segments at NMI and director at the IoT Security Foundation
Finally, Imagination CEO Hossein Yassaie took the stage to declare the IoT Security Foundation officially open for business and offer his valuable insights into how companies worldwide should tackle security in the hyper-connectivity age. Many players in the IoT market view security and reliability as closely related concepts; for example, hacking a connected car turns it into liability both for the person behind the wheel and for other drivers on the road. Therefore, it is important that companies designing IoT devices start implementing virtualization-based security at the hardware level to add a strong foundation for protection and reliability against attacks or failures.
In this context, our OmniShield technology has been carefully designed to provide industry-leading security and reliability to any class of connected device, from smart sensors to high-performance IoT compute nodes. OmniShield is a combination of virtualization-based hardware and software technologies that goes beyond a binary approach to create multiple secure domains, where each secure or non-secure application and operating system can operate independently in its own separate environment. OmniShield offers more than a CPU-centric implementation, scaling to a heterogeneous design that spreads across multiple IP blocks and subsystems from Imagination (MIPS Warrior CPUs, PowerVR Series7 GPUs, etc.) You can read more about how OmniShield improves system-level security for a wide range of IoT devices here.
I’m really excited to see the Foundation being announced and can’t wait to see it taking an active role in the development of security guidelines for the next generation of IoT devices.