The Internet of Things is growing apace.
Related: The Top 12 IoT protocols
Deployment of 5G and AI-enhanced IoT systems is accelerating. This, in turn, is driving up the number of IoT-connected devices in our homes, cities, transportation systems and critical infrastructure.
One estimate suggests IoT-connected devices are multiplying at a 12 percent compound annual growth rate. By 2030, according to IoT Analytics, we will be relying on some 41 billion IoT devices worldwide, up from 17 billion at the close of 2023.
Largely out of the public eye, a lot of work is going on to assure security of this rapidly expanding, massively interconnected digital ecosystem. I had the chance to discuss this at length with Thomas Rosteck, Division President of Connected Secure Systems (CSS) at Infineon Technologies.
We met at Infineon’s OktoberTech™ Silicon Valley 2024 conference, which I had the privilege of attending recently at the Computer History Museum. For a drill down on our conversation, please view the accompanying videocast. My big takeaways:
Innovation and standards
Ensuring that hyper-connected IoT devices are not only smarter and faster but also resilient against cyber threats is a very tall order. It requires technical innovation to mesh with supporting security standards and emerging government regulations much quicker and smoother than has ever happened in the Internet era.
This, indeed, is what’s happening. Infineon, for instance, is known for supplying secured, energy-efficient semiconductors and microcontrollers which are critical for IoT security. The Munich, Germany-based company has stepped forward to take a leading role in making security breakthroughs at the hardware level, notably at the IoT device level.
The idea is to help establish a trusted foundation at the outermost edges of modern IoT systems — by safeguarding device integrity inside each IoT sensor and IoT controller. “Security is like baking a cake,” Rosteck explains. “Once baked, you can’t add the flavor. Likewise, security must be embedded in each IoT device from the start.”
Microcontrollers have emerged as a main ingredient for securing IoT services. These compact, integrated computer chips are designed to control specific tasks in electronic devices. Infineon has been pushing the boundaries of what microcontrollers can do, especially when it comes to making them much more capable and secured in IoT applications.
The rapid advancement of semiconductor miniaturization and edge computing capabilities over the past five years has been a key development, enabling much more complex processing to be carried out on ever smaller chips. Wider availability of high-speed wireless networks, like 5G, and the continuing shift to robust cloud computing services, has helped, as well.
Miniature brains
Today microcontrollers act as the “brains” behind smart devices, enabling high connectivity and efficient power management for everything from sensors to complex systems. They play a crucial role in making IoT devices smarter, more secure, and capable of seamless communication in connected ecosystems, Rosteck noted.
It struck me that what Infineon is doing is akin to distributing miniature digital brains at the outermost edges of IoT systems. These tiny brains are optimized to handle specific, high-stakes tasks efficiently and reliably.
Much as the human brain processes information and makes decisions, Infineon’s microcontrollers are designed to autonomously manage essential functions—whether controlling precise equipment in a factory, monitoring patient vitals in a hospital, or managing energy flow in a utility grid.
We’re in an early phase of relying on individual chips to perform complex, real-time processing and execute reliable, autonomous decisions at the Internet edge — without relying on central servers. IoT systems of the near future hold great promise to help us achieve great things, such as reverse the effects of climate change and even promote an improved standard of living, for one and all.
One requirement is tantamount: “You have to have something in the system that you can absolutely trust; we call it a security anchor,” Rosteck observes. “And from there you can build up your trust system. That’s important because in the end, the success of IoT is also largely dependent on whether people trust their devices.”
Towards this end, Infineon microcontrollers are optimized to prevent unauthorized access and preserve data integrity in everything from cars to smart home devices. Infineon has integrated a Hardware Security Module (HSM) directly into their microcontrollers to take security up a notch, especially in critical IoT applications like automotive systems.
This HSM acts as a dedicated security engine within the microcontroller, performing essential checks during the device’s initial boot-up. For example, in a drive-by-wire steering system, where steering is controlled electronically rather than mechanically, the HSM ensures only verified and trusted code runs from the start. It also validates the integrity of the firmware and checks for any unauthorized modifications.
Compliance nudge
Infineon’s innovations come as regulatory bodies are making a push for stricter data security compliance rules. The European Union’s Cyber Resilience Act, introduced this year, requires connected devices sold in Europe to meet a set of cybersecurity benchmarks as part of the familiar CE mark, which assures general safety of electronic products.
Meanwhile, the U.S. Cyber Trust Mark will serve as a “certification” for secure consumer IoT devices. Rosteck noted that these new compliance requirements should act as a global catalyst for consistent device security.
The Biden-Harris administration’s U.S. Cyber Trust Mark is a labeling initiative specifically aimed at raising security standards for (consumer) IoT devices. Developed by the National Institute of Standards and Technology (NIST), the program establishes baseline security requirements for IoT manufacturers, encouraging them to implement stronger protections, such as secure software updates and data encryption.
The label came about in acknowledgement of the massive expansion of IT security risks that accompany growing reliance on hyper-interconnected digital systems. It seeks to incentivize industry accountability and empower consumers with transparent information about IoT device security.
Meanwhile, the EU’s Cyber Resiliency Act (CRA) is aimed at strengthening cybersecurity for digital products and software all across Europe. The CRA mandates that companies comply with specific security requirements throughout the product lifecycle, from design to end-of-life. It requires manufacturers to address vulnerabilities, provide security updates, and notify users of incidents promptly.
The EU responded forcefully to a surge in cyber threats targeting software and connected devices, which pose risks to individuals, businesses, and critical infrastructure. By setting binding requirements, the CRA aims to protect users, foster trust in digital products, and promote a secure digital economy in Europe. “The EU’s decision to enforce security requirements through the CE mark is powerful because it extends to non-European manufacturers who want access to the market,” Rosteck noted.
Pressure to advance IoT security is coming from other quarters, to be sure. The rise of quantum computing, for instance, with its capacity to undermine existing encryption algorithms, poses a particular risk to connected systems. Infineon is among the companies preparing for this future by developing “post-quantum” encryption to replace today’s vulnerable asymmetric algorithms.
Additionally, the commercial sector’s mad dash to monetize GenAI has touched off an all too familiar cycle of companies racing to innovate, for competitive reasons, without fully accounting for fresh cyber exposures. Yet this time around, Rosteck says he, for one, is encouraged by how the tech industry’s standards-making bodies, made up of conscientious IT pros, have been hustling to stay in step with regulators.
Taking a proactive stance on IoT security has become de rigueur. “Security used to feel like an uphill battle,” he admits, “but now the world is pushing in the same direction.”
The securing of our increasingly hyper-connected digital world is unfolding in real time. Proactivity is gaining steam. I’ll keep watch and keep reporting.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the ven
November 11th, 2024