Embedded security attacks are emergencies, and we need to treat them that way.
The embedded security problem is an ongoing, escalating emergency. The internet of things is so extensive and so interconnected that simply writing good code is not good enough. Conventional boundary thinking is irrelevant. Resetting systems is no guarantee that an attack will stop. There’s no time for finger-pointing and guesswork. According to PSA Certified, the average cost of a successful IoT device attack is more than $330,000, and it’s estimated that by 2025, cybercrime damages will total $10 trillion. It’s time to take crisis control lessons from the emergency management industry and get out of this spiraling failure.
Rapid response criteria are needed for embedded systems emergency management
A rapid response plan requires both technical and workflow commitments to process attack intelligence.
The basic steps include:
The magic words are: stakeholders coordinate together. Who are the stakeholders? What are their roles? In any system life cycle there are at least five: Developer, OEM, Product Vendor, Dealer, and Owner. The technologies chosen to build and implement embedded systems must provide the information these stakeholders need to resolve problems rapidly.
Steps to building the next-generation embedded system emergency response
Solving attacks quickly happens when actions can and will be taken quickly. A fundamental change in embedded software development, information sharing, monitoring and updating is required.
Bottom Line
When embedded systems are compromised, services are affected, money is lost and lives are at risk. Emergency-ready software supply chains are needed now, not years in the future. Players at any point in the supply chain should ask tough questions about security treatments, and skip vendors who are not ready to address the life cycle commitments set forth in this opinion.
- John Girard | Advisor at Lionfish Tech Advisors and Managing Director of Cyber Imbiber Tech Advisor LLC.
Recommended Reading
Why Certify IoT Security?, PSA Certified
Top 25 Auto Cybersecurity Hacks: Too Many Glass Houses To Be Throwing Stones, Forbes
From Stuxnet to Industroyer: The biggest hacks in the history of Industrial IoT, Turn-key Technologies
© 2022 Cyber Imbiber Tech Advisor LLC