By the end of this decade, we will have stopped using the phrase “Internet of Things”. We will simply understand that a myriad of devices across factories, city infrastructure, energy grids and buildings are more efficient because they effectively and securely exchange information. Indeed, the longer these systems are deployed, the more effective they become due to the impact of machine learning.
Unlike the digital speakers in your home, these systems need to be fully operational for ten, fifteen or indeed twenty years. There are three big drivers that are causing the decision making on this data to be driven nearer to where this data is being created:
We are evolving to a hybrid world... processing on data will shift between the endpoint, the network aggregation points and the cloud, in some cases dynamically. Companies will demand a choice of cloud environments as well as using on-premise infrastructure.
What will remain consist is that the connected devices must be trusted. The Mirai botnet attack in late 2016 would have been avoided if systems could self-recognize they were starting to behavior in a way that was fundamentally different from how they were intended. So while encryption an all the standard elements of secure communication are a must, the system architect must create a platform that can be trusted to perform to specification over its useful lifetime (and to be decommissioned in a trusted way too…too few companies are worrying about this piece currently)
Given this complex (and increasingly dynamic) nature of computation and decision making from device to edge to cloud, aspects like security and application integrity cannot be viewed as a point solution, but instead must be considered holistically.
Industrial standard organization such as the Industrial Internet Consortium attest that point solutions are not enough and requires a comprehensive framework for managing the vast complexities of the pyramid. The IIC published Industrial Internet Security Framework surpasses typical recommendations of security controls, documenting stakeholder viewpoints and concerns to ensure proposed solutions are rooted in requirements that comprehensively solve the problem. Coverage Includes:
To unlock the full potential of IIoT, trust must be established across a network. That trust begins with platform security—the assurance that computing components are authentic, initialize to a well-known state, and are resilient to unauthorized changes. Once platform security is in place, systems must incorporate network security and monitoring capabilities to ensure system-wide integrity is resilient to unauthorized changes.
Point solutions tend to address symptoms of engineering flaws—e.g patching, updating whitelists, malware signatures, etc. However, reactionary approaches lose effectiveness at scale and fail at catching the first exploit. LYNX MOSA.icTM gives product suppliers the ability to build in assurance with the knowledge that their device is precisely designed to execute securely in enterprise or control networks without having to rely on layers of firewalls, IDS, and patching systems.
Adopting any digitization security technology requires careful technical scrutiny to claims of assurance, interoperability with legacy systems, and life cycle maintenance costs. The architecture configuration language of LYNX MOSA.ic allows developers to design in security properties of system devices that must be trusted and need to survive in hostile environments.
Examples of relevant security designs include:
With LYNX MOSA.ic, evaluators of security properties such as government authorities or safety managers can trace configurations down to processor hardware control, providing formal evidence of robustness and resulting in a holistic approach to system security. Our emphasis for our product roadmap in this area, aligned with the company's vision, is focused on helping companies create robust software stacks for autonomous platforms. More of this will be discussed later in 2020. Click below to learn more about LYNX MOSA.ic.