Human interaction with smart devices and services is fast becoming an integral part of daily life. From home automation to manufacturing, medicine and transport, the world is increasingly relying on smart connectivity.
Take the automobile, for example. Today, hundreds of millions of lines of code run in hundreds of processors linked to sensors, actuators and other components—all within a single car. Smart cars are connecting to wireless networks for navigation, software updates and entertainment systems. Going forward, autonomous vehicles will require even more connectivity to seamlessly interact with their surrounding environment.
Factories are undergoing a similar evolution. Production sites, workshop floors, business procedures, construction processes, and many of the products themselves will be smart and connected. Sensors and extensive component networks will become mainstream in every production step, and customers will connect to products directly on the shop floor.
But this emerging world of interconnectivity—this Internet of Things (IoT)—is not without risk. IoT is still in its early stages and must still overcome significant challenges in security, safety, reliability, and privacy. Just imagine what would happen if hackers gained control of autonomous vehicles, or attacked the systems in a smart factory. More connections mean more openness, thus more exposure to malfunction and potential attack.
Unfortunately, we must assume that devices will be attacked and their security eventually broken. Adding security to IoT systems as defense against attack is not enough. We must also add resilience so that some baseline functionality can be recovered in the case of a system compromise, thus making IoT devices less susceptible to further attack.
Addressing these challenges with the means of the industry is good but not sufficient. Advancing security in the IoT is a societal challenge that goes way beyond the capabilities of individual actors. One that requires full engagement of all stakeholders involved, from the industry, governments and academic research to private and public authorities such as regulation and certification bodies.
While hard- and software manufacturers and IT service providers will have to contribute with advanced security technology, mandatory standards and regulation are necessary to make sure that this technology is actually applied in the field. In order to achieve better protection of the ecosystem, baseline security standards and principles must be valid across the entire life cycle of IoT products: from the design process through the supply chain to field life and decommissioning.
NXP’s decision to join fellow IoT key players in a Charter of Trust is motivated by this very objective. This initiative of industry, government and public key actors is an elemental step as for the first time it engages the key players in a joint mission to establish baseline standards and mandatory requirements for the security and privacy of connected devices, thus advancing cybersecurity and increasing trust in the IoT.
Currently there is no basic level, or “level zero”, defined for security and privacy of smart, connected devices. The lack of trust in connected solutions already is a severe market problem. With the growing number of hacked devices and formerly unregulated and non-transparent data usage, consumers are becoming more and more reluctant to invest in smart appliances. Making trust a core principle in the development of IoT-products and services will help companies to become future-proof since regulatory initiatives are under preparation at EU-level and on a global scale.
For the semiconductors industry, the smart world means a move from simple component supply to complex solution and system security. The challenge is providing interoperable solutions and systems that balance security, cost and ease of use. As more devices become connected through the Internet of Things (IoT), integrated security solutions with the latest cryptographic techniques are critical for preventing sophisticated system attacks and protecting private user information. System security can only be achieved on system level by partnering with the actors governing and advancing the respective sectors. Financial institutions, manufacturers, insurers, retailers, governments and public service providers depend on secure embedded systems that defend their critical infrastructure against IoT security breaches.
As a market leader in secure connectivity, we bring our expertise to the table. NXP technology helps developers build reliable, secure and trusted IoT equipment. From MCUs, to processors, to secure elements, to software and services—NXP provides solutions for ecosystems that require built-in protection. Because adding optional security to IoT systems as defense against attack is not enough, NXP commits to a security-by-design approach, taking privacy and data protection into account already in the design and set-up of products and services.
As a founding member of the Charter of Trust, we at NXP see the industry’s responsibility in protecting device security and privacy with respect to the storage, transfer, use and processing of data. Let’s make this thinking integral part of the future IoT.