Consumer-focused hardware companies are delivering more products than ever before due to the popularity of IoT technology. IoT devices promise to save consumers time and money by automating repeat tasks and applying insights that previously weren’t possible. “The GSM Association estimates that by 2025 there will be almost 25 billion IoT devices deployed in the world.” The prevalence of IoT hardware comes with an increased cybersecurity risk.
Connected hardware has an increased cybersecurity risk because it is tangible. In other words, it can directly affect the world in which it resides. The article provides an interesting example of a robot being compromised and directed to move to a new location to be sold for parts.
The author provides a few suggestions for hardware manufacturers to pursue to help increase cybersecurity in their products.
- Design with cybersecurity in mind and allow products to be updated in response to new threats.
- Improve firmware verification and error checking.
- Support encryption methods like AES, DES, etc.
- Add secure key storage
- Expand Data Access Controls
- User vetting and verification must be added to the user authentication pipeline.
- “Keys and other access mechanisms are methods, they are not proofs of identity. We cannot blindly trust the keyholder. This is security backward. The keyholder must be vetted as well.”
- Increase CIO/CISO Roles in hardware IoT companies
- Companies cannot afford to risk losing competitive advantages by not having a CIO/CISO
Article: The Increase in Scope of Cybersecurity from Software to Hardware Protection
Author: Neil Okikiolu
Published: September 8, 2021
Excellent points, Matthew. The blend between unsecure IoT devices and sometimes lacking cloud infrastructure has opened up a serious can of vulnerabilities. Organizations need to rethink their security posture and re-evaluate their current states. Frankly, third-party risk is astronomical! The cloud has broken boundaries and exponentially opened the vectors through which an attacker can attempt to infiltrate. Many unknowns in this evolving threat landscape, and it truly takes an innovative mind to rethink the pre-COVID vs. post-COVID threat landscape.
~Vanessa