The Building Blocks for IOT Security

For the past decade, manufacturers have been rushing to fulfill the promise of the Internet of Things. The deployment of 5G, which enabled smartphones and smartwatches, has led the way for smart fridges, smart vacuums, smart pacemakers, smart security, and a whole host of connected consumer products.

By the end of 2022, there were an estimated 7 billion IoT devices in the world, each one packed with software. This exponential growth has presented opportunities to malign actors to exploit potential weaknesses for criminal gains. According to Microsoft's 2022 Digital Defense Report, IoT devices are the key entry point for many attacks. In December 2022, the CEO of Zurich Insurance, Mario Greco, said that cyberattacks could pose a larger threat to insurers than systemic issues like pandemics and climate change, and as a result, could become uninsurable.

2022 is seen by many experts as the inflection point for IoT security, and governments have begun to protect individuals, businesses, and key infrastructure. Last year on The Critical Lowdown, we predicted that 2023 would be the year of IoT security, and so it has proved. In the UK, the PSTI Act has passed into law, the EU Cyber Resilience Act is progressing in Brussels, and the US IoT Cybersecurity Improvement Act of 2020 has been bolstered by new cybersecurity measures in the 2022 Appropriations Bill. The legislation is tightening, and the consequences are getting even more significant.

To navigate this complex security ecosystem, we have assembled a panel of the industry's foremost experts to discuss the legislation, threats, technology, distribution, and solutions.

• Malcolm Kitchen, FAE for Secure Trust Provisioning, EPS Global
• John Moor, Managing Director, IoT Security Foundation;
• Haydn Povey, Chief Strategy Officer, IAR Systems;
• Stella Or, Software Partner Manager for Secure Connect Edge, NXP;
• Todd Baker, Corporate VP of Worldwide Engineering, Future Electronics.

Glossary of Terms

• IoT (Internet of Things): A network of interconnected devices, vehicles, buildings, and other objects that collect and exchange data.
• PSTI Act: Product Security and Telecommunications Infrastructure - a UK legislation focused on improving the security of IoT devices.
• EU Cyber Resilience Act: European legislation aimed at strengthening cybersecurity across the European Union.
• IoT Cybersecurity Improvement Act: A US legislation aimed at improving the security of IoT devices.
• IAR Systems: IAR provides world-leading software and services that drive developer productivity in Embedded Development and Embedded Security, enabling companies worldwide to create and secure the products of today and the innovations of tomorrow.
• TrustZone: TrustZone serves as a basis for comprehensive system security and the development of a reliable platform. It allows any system component to be designed as a secure element, encompassing debug, peripherals, interrupts, and memory.
• IoT Security Foundation (IoTSF): A not-for-profit membership organization focused on raising awareness and addressing emerging threats in IoT security.
• NXP: A global semiconductor company offering a range of products, including high-performance, low-power consumption options with built-in security features.
• Future Electronics: One of the world's largest semiconductor distributors, providing engineering expertise and leading technologies from partners like NXP.
• ETSI: European Telecommunications Standards Institute. They produce globally applicable standards for ICT-enabled systems, applications, and services deployed across all sectors of industry and society.
• MCU (Microcontroller Unit): A small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals.
• IP theft (Intellectual Property theft): The act of stealing ideas, inventions, and creative expressions, such as trade secrets, patented products, copyrighted works, and trademarks.
• PSA (Platform Security Architecture): A framework for securing connected devices, developed by ARM.