New-Tech Europe Magazine | February 2018

procedures are defined, designers and developers can unitize a variety tools and approaches to design and implement robust systems. References IoT Security Compliance Framework. https://iotsecurityfoundation.org/ wp-content/uploads/2016/12/IoT- Security-Compliance-Framework.pdf Security Requirements for Embedded Devices – What is Really Needed? http: / /www. i con l abs . com/prod/ security-requirements-embedded- devices-%E2%80%93-what-really- needed Embedded Hardware Security for IoT Applications https://www.securetechalliance. o r g / w p - c o n t e n t / u p l o a d s / Embedded-HW-Security-for-IoT- WP-FINAL-December-2016.pdf Security Considerations Based on Classification of IoT Device Capabilities https://www.thinkmind.org/index. php?view=article&articleid=servi ce_computation_2017_2_10_10008

Arrow Sustainability Technology Services to ensure devices are properly managed and a secure chain-of-custody is maintained throughout the entire lifecycle. 9. Security policies and procedures are essential to ensure that the human factors in security are adequately robust. To ensure the integrity, security, resilience, and quality of products and services as they move through the supply chain, managers should adhere to best practice based processes and operating procedures. In addition, the ability to track and manage issues throughout the entire lifecycle is essential. Policies and procedures should span key steps in the lifecycle management process including product design and development, manufacturing (OEMs), provisioning, third-party installation, device activation/reactivation/deactivation, device maintenance, device firmware updates and device recalls/ retirement. Summary Security of IoT systems has been noted as a key inhibitor of the widespread proliferation of the internet of things. End node IoT devices are vulnerable to many threats. To understand and apply good end node security models, a standards-based classification of security levels and device types is needed. In addition, several factors including – protection scope, potential impact of a security breach, types of security levels needed, commissioning and upgrade models and overall security protocols and processes need careful consideration by practitioners (Figure 2). Once the right security needs, protocols and offers

over the air (FOTA) updates while efficient, create various security issues – a wrong/malicious firmware might be uploaded, the transmission of the new updates can fail, or the new firmware simply does not work as intended. Updating firmware while ensuring security, system stability, and transmission reliability requires authentication, version control, package integrity, complete and error-free transmission and operability check post update. All this has to be accomplished while limiting user interaction to the bare minimum to protect against human errors. 7. Secure manufacturing of IoT devices is essential to avoid counterfeits, protect the product ecosystem and ensure quality. At the manufacturing stage, secure firmware programming enables IoT devicemakers to reliably and securely program authorized firmware and also protect the firmware from being modified, pirated or installed on any cloned hardware. Using a hardware security module (HSM) during programming of production-level firmware to generate OEM product certificates, securely manage and store keys and provide tamper- detect alerts is essential for secure manufacturing. 8. Secure decommissioning of IoT end nodes and proper handling of associated assets (data) is an integral part of managing security. Solution providers must plan for device end-of-life and have processes to securely remove them from the network and ensure they do not introduce vulnerabilities that can be exploited. Data should be wiped clean and irretrievable. In certain instances, hard drives and data devices must be destroyed, shredded and properly recycled.

Andrew Bickley Arrow Electronics EMEA Technology Marketing Director, IoT

38 l New-Tech Magazine Europe