Connected device security gets wider attention

In the past, it was often the case that what was discussed in the embedded systems and semiconductor industry stayed in the industry. Nobody outside it was really interested in what happens within it, as it didn't apparently affect them. That's not the case any more as chips have become mainstream - everyone talks about our dependency on them, and everyone now takes notice of any pinch points and challenges, and we've also seen a rush by several nations to push for semiconductor investment programs.

It's not just about ensuring supplies and chip sovereignty though. With almost everything on a push to be connected in the quest for 'digitalization', the issue of security of connected devices comes into play too. Internet of things or IoT security was up to now something that industry experts have been advocating, but that topic too has become more mainstream over the last year or so.

To that end, just last week, an announcement through the World Economic Forum’s Council of the Connected World, leaders from Consumers International, the Cybersecurity Tech Accord and I Am the Cavalry, representing over 400 organizations globally, collaborated to recognize an emerging consensus on baseline cyber security provisions for consumer IoT devices. They issued a joint statement that specifies five basic consumer IoT device security that governments around the world should encourage device manufacturers to promote and standardize as a global baseline: (1) No universal default passwords; (2) Implementing a vulnerability disclosure policy; (3) Keeping software updated; (4) Securely communicating; and (5) Ensuring that personal data is secure.

This is a concerted effort to bring connected device security to a wider audience and help encourage industry to deliver products that observe some baseline standards (or expectations).

Meanwhile, talking much more deeply to the industry, another joint industry-government initiative is beginning to raise awareness of fundamental flaws in computer security architecture and how that could be addressed to enable what it says is better digital security by design. Called DSbD (which stands for Digital Security by Design), it's led by John Goodacre, who knows a thing or two about microprocessors, having been responsible for the design of the Arm MPCore multicore processor and associated technologies. My latest embedded edge with Nitin podcast with John addresses the context of DSbD and what it aims to achieve.

A round up of some of the highlights in the embedded world over the last week can be found here, where we feature news from STMicroelectronics, Infineon Technologies, CoreAVI, sureCore, Ensilica, Nvidia and Jaguar Land Rover, Cadence Designs Systems and Qorvo, AAEON and Hailo, Imagination Technologies and Silicon Catalyst, Renesas Electronics Corporation and AVL, Andes Technology, Intrinsic ID and Jupiter Semi, iSYSTEM, Bosch Group and Rohde & Schwarz, u-blox, CommAgility, Ambiq, Morse Micro, Juniper Research, and Crehan Research.