Security is a topic which plays a key role for the success of topics like Internet of Things, Smart Home.
If we consider the topic in more detail, it will be realized that it will be worthwhile, to separate the individual topics. It is important to be aware that the boundaries of the separate topics are an absolute requirement to treat Security adequately as a whole and in each sub-topics. Creating this awareness is goal of this blog post.
Why is Security an increasingly important issue? In my view, autonomous driving a car, Internet of Things or Smart Home are just three developments which make a broad public aware that Security is an important issue.
Since each of these products is very different, it make much sense to distinguish the different industries.

Now we consider the applications within an industry. There are three categories to be distinguished:

• Security for IT systems
• Security for embedded systems
• Security for embedded systems which exchange data with IT systems

Security for IT-Systems

Since many years, there is already experience in dealing with hazards arising from attacks on such systems. They are verified processes and standards on how to effectively address security risks. An example are bank IT systems. Attacks on such systems are very attractive, so banks were forced very early to think about countermeasures. The effectiveness of protection mechanisms are at least high enough so that the online banking transactions have absolutely taken hold in the market. But it is in the nature of things that there are new threats every day which have to be tackled. In developing the countermeasures you have recourse to a considerable experience.

Security for embedded Systems

From the perspective of Security, such systems are the counterpart to the systems described above. Since there are no technical possibilities to attack this systems, no measures in the field of Security must be taken. This was the situation until few years for most of the embedded systems. A prominent example are industrial plants, including power generation plants. There was no technical access (network) to these systems. Due to the already mentioned developments, this is changing at the moment radically and rapidly. Therefore it can be assumed that the amount of such systems will decrease dramatically.

Security for embedded systems which exchange data with IT systems

Many embedded systems will be linked to each other in the future. It will be a network with other embedded systems and with IT systems. Security attacks on embedded systems will increase. Many of today’s existing embedded systems were never designed for such scenarios.
The table below illustrates examples, which show the variety of products and systems which have to withstand security attacks in future.

Conclusion

The security challenges are diverse and complex. A variety of solutions and procedures are already in place for IT systems. The new challenge is to embedded systems connected to IT systems.
The first standard which deals with embedded systems security is the IEC 62443. However, the important part 4 is not published, yet. This standard is limited more or less to systems of industrial automation. If other industries will create its own standards, is one of the open questions at the moment.
When you start to deal with the security issue, it is definitely a very useful step to be aware, in what area of security you are.

Are you ready for a security workshop, then send a mail to: info[at]heicon-ulm.de or call +49 (0) 7353 981 781.