The semiconductor industry is changing rapidly. The past few years have been marked by a global chip shortage, global supply chain squeezes, and an ever-changing security threat landscape.
2023 is set to be the year of security, with new legislation in the United Kingdom, United States and European Union placing further demands on manufacturers.
So what does this year hold in store? This is the Critical Lowdown.
[Dáire O'Driscoll] Hello and welcome back to Season 2 of the Critical Lowdown, the EPS Global podcast on all things Open Networking, Secure Provisioning, Programming, and Semiconductors. We had a successful Season 1 and are excited to kick off Season 2 with debutante guest, Malcolm Kitchen, one of our expert Field Applications Engineers. Welcome to the show, Malcolm.
[Malcolm Kitchen] Hi, thanks for having me.
[DOD] You worked as a Field Applications Engineer for Spansion and NXP for 12 years before joining EPS Global last year. You attended Embedded World 2023 in Nuremberg with our senior team last week, we'd like to ask you what you see in the semiconductor industry in the year ahead and what were the major trends at Embedded World?
[MK] It was great to see Embedded World so busy again, with improved attendance and a real buzz about the exhibition. If I was to pick a few areas that really stood out: Automotive Electrification is still growing immensely, with exciting developments in charging and powertrain. There's some really exciting stuff there, positive for the environment. Everything smart now seems to mention the word secure, which is crucial as things become more connected. Also, the big buzzword AI, Artificial Intelligence. It really feels it's getting close to becoming more mainstream now in technology used in homes and factories, with industrial automation being a significant focus at Embedded World. Solutions for these applications are becoming more mature, making for an exciting year ahead.
[DOD] What was your highlight from the event?
[MK] I think the automotive sector, particularly driverless cars, was the standout. The way our dashboards are going to look in the future, efficiency improvements, and the increasing semiconductor content in cars is quite incredible. It's fascinating to see how cars have evolved over the past 40 years. To think that you're going to be able to sit in a car without driving it. I can't wait for that one.
[DOD] Any futuristic developments outside of cars that caught your eye?
[MK] I was impressed by image recognition technology running on an embedded ARM processor at one of the booths. I had a little bit of fun with it, not only was it doing identification of your face, but it was really looking into the specifics of what your face was doing. I had a little bit of fun practicing my smiling and sad face, which it was doing a really good job at detecting. That'll make or break long distance relationships down the road.
[DOD] Why do you have that face on?!
[MK] I don't have a face on!
[DOD] Who did you talk to at Embedded World, and what were they talking about?
[MK] We mainly talked to our semiconductor partners, such as NXP, ST, Renesas, and Infineon to name a few. We also discussed embedded security with our customers. My focus is on making security simple yet effective. Security can be complicated, with key pairs, cryptography, certificates, if you're not from that world, it can sound daunting. But with support from our partners, we've developed an ecosystem where tools simplify the process and make firmware encryption and product identity easier to implement in your application.
[DOD] With technology and security becoming increasingly important, where is the push coming from? Is it a natural progression due to developing technologies like driverless cars and facial recognition, the first thing that pops into your mind is how can these be protected, or is it influenced by legislation in the UK, US, and EU?
[MK] [MK] I think it's a combination of both. Many applications nowadays are connected, and with that brings more risk. The applications become more vulnerable, you've got to have the right systems and security in place to manage them. But on the other side of the coin, new legislation is coming in like the new UK consumer product regulations enforced as of December, which also drives companies to take security more seriously. People are becoming more aware of security risks in their daily lives, for example every day we interact with our banking apps and we know how secure that is. But then you connect your smart doorbell, for example, to your Wi-Fi network that has a limited amount of security, it makes you think, could this put my Internet connection at risk and can people get into my house via the Internet?
[DOD] This legislation has been likened to GDPR, not just because of the scope of sanctions that can be handed down when there are breaches, but also because of people's approaches to it. I remembering being on a GDPR committee and trying to implement it, just thinking how vast it was, but really once it was implemented, it was quite a simple set of guidelines to follow. I think that will follow with this legislation as well. What kinds of companies are looking for the Secure Provisioning services that EPS Global provides?
[MK] We are speaking to a wide range of companies who require these services. So think of smaller devices that consume something, but are connected via a Bluetooth app, for example. Many customers think that if your Bluetooth app is encrypted, then you're good to go. But actually, you need to consider the security of the connection between your device to the Bluetooth. especially in consumer applications and industrial automation. Consumer goods, home appliances or white goods, and devices connected via Bluetooth all require solid security. Industrial automation systems can be costly to set up, and a security breach could be disastrous. Heating management and energy management systems also need strong security measures to prevent potential environmental impacts.
[DOD] In a previous podcast with Colin Lynch, CEO of EPS Global, and Haydn Povey of IAR Secure Thingz, we discussed the idea of weaponizing HVAC systems, which was something we had never considered before. It seems like the market is maturing significantly.
[MK] Absolutely. We've seen a significant increase in speed over the last six months, driven partly by legislation and also by the availability of secure microcontrollers. However, due to supply shortages, customers have found it difficult to transition to the next generation. It's important to note that you don't necessarily need newer secure microcontrollers to implement security. We have solutions that can be retrofitted into older microcontrollers that do not have any security capabilities. It's crucial to start addressing security at the earliest opportunity, not just when you think you have the right hardware, as there are interesting software and firmware solutions available.
[DOD] You mentioned industrial applications, such as factories. There seems to be some confidence that the global chip shortage may be ending, at the very least we can see the numbers of cars being manufactured is starting to ramp up. But, one swallow doesn't make a spring, as they say. But what are you seeing on the ground in terms of the global chip shortage?
[MK] We're definitely seeing major improvements. Large industries are now receiving a steady supply of chips, which is great. There may still be challenges in some niche areas, for example if you design in a new chip, but overall, the industry has improved significantly over the last six months. This progress will help us all move forward.
[DOD] Last week, we put out a press release announcing our secure programming services to address the challenges imposed by the already enacted and upcoming legislation in the US, UK, and soon the European Union. Can you provide more in-depth information about this legislation?
[MK] The UK is the first country to enforce legislation that applies to consumer products destined for UK consumers that connect to the Internet or a network. This is about keeping consumers safe and ensuring that IoT devices, such as door locks or Wi-Fi cameras, have the right security standards. To comply, it's essential to have unique encrypted passwords for each product, which cannot be printed on the box or used across all products sold by the company. These passwords must be programmed into the device and encrypted within the microcontroller. We can accomplish both of these tasks, as well as handle the more complex aspect of encrypting the firmware. Once the software and firmware encryption is sorted, we can provision it in high volume at any of our 22 secure programming centers.
[DOD] So this has gone from a "good to have" to a "must have" for network-connected products?
[MK] Yes, unencrypted products are no longer acceptable. We can ensure that hackers cannot download code from a device, but even if they somehow managed to read the data, it would be encrypted and unusable so there's nothing they could do with that without quantum computing. This not only protects consumers but also a company's intellectual property. It's also important for our customers, the companies who develop these connected products, to encrypt their firmware on their site and have a Root of Trust. Once the firmware leaves the customer's site, it remains encrypted and can only be understood by the Hardware Security Module (HSM) contained inside our programming machines. The file is then injected into the microcontroller, and only when it boots up will it start to decrypt the firmware. This ensures that there's no weak link in the chain where someone could hack into the firmware or modify it for malicious use.
[DOD] As we approach the end of the podcast, we always like to ask a question here on The Critical Lowdown: Looking into your crystal ball, what do you see happening 6 months and 12 months down the line?
[MK] We are witnessing a strong interest in security lately. The legislation is in place, the threat has been present for a while, and most importantly, the solutions are now available. At EPS, we have developed a flexible ecosystem of tools since we understand that security needs vary for everyone. It's crucial to have a versatile set of design tools that can provide the appropriate level of security. As a result, we are now seeing many customers engaging with us on security matters, and I am confident that we will be supporting even more customers in the coming year.