2021 Electronic Design Predictions
After the recent SolarWinds [1] hack that impacted the United States federal infrastructure and organizations globally, now is a good time to look at what to expect in embedded-system security this year. Haydn Povey, Founder and CEO of Secure Thingz and General Manager, Embedded Security Solutions, at IAR Systems, and a leading security expert, offers seven insights and predictions for 2021 on how security, starting with every chip and at every level, will be at the forefront of technology.
1. Security will go mainstream.
Among chip vendors, right now we see security in high-end, next-generation, expensive devices that vendors are pushing to companies that need security. Security must be inherent in low-end chips as well: whether it's an 80-cent or an $8.00 microcontroller, every part needs some level of security.
While some vendors are making this happen, most are not. Granted, this isn't black and white. It varies based on what you are protecting, who you're protecting it against, and the value of what's being protected. Regardless, every device must meet a level of hygiene that's higher than it is today. Security must become mainstream, in the one-, two-, and three-dollar range where most of the chips actually used reside.
2. We will see the first $100 million hack.
If we look at the biggest recent attacks, one of the biggest was the March 2019 ransomware attack on Norsk Hydro, an aluminum producer. It's estimated that the cost of the impact and the rebuilding of their systems, including virtually every system, right down to the digital clock on the wall, was over $55 million. The company did the right thing: it was attacked with ransomware and chose not to pay. They had to go back to manufacturing big rolls of aluminum using paper manuals, because every system was locked down.
In 2021, we will likely see that cost double due to systemic attacks. In addition, as systems are becoming so entwined, a rogue attack on a commercial target could bring down entire smart city infrastructure and transportation systems. This will no doubt have enormous implications in cost, productivity, and more.
3. The C-Suite will be held accountable for security.
Whether you are the Chief Information Security Officer (CISO), the CEO, the COO, or a board member, responsibility and liability for product security now rest with you. It is no longer the company that bears the liability; it is transitioning from corporate to personal liability. If the company suffers a breach, the CEO's job is on the line.
We've come to this point because cost sensitivity, while important, often leads to cutting corners to get products out at a competitive price. Security is often one of the casualties.
By transitioning ownership to the C-Suite and placing responsibility there, the industry will change. Gartner predicted that 75% of CEOs will be personally liable for cyber-physical incidents by 2024 [2]. They also predict that the financial impact of cyberattacks will reach $50 billion by 2023. The C-Suite will no longer be able to plead ignorance or hide behind insurance policies.
Today, companies carry insurance against being hacked, but what happens when your product causes your customers to be hacked? Your liability skyrockets. And if you haven't taken the steps required for prevention, no insurer will cover the losses. The C-Suite will be accountable. It will be interesting to see what happens in the aftermath of the nation-state-sponsored SolarWinds attack, and whether it finally focuses attention on executive teams and brings punitive consequences.
4. IoT hacks will go mainstream.
So far, most hacks have been in niche products, but there's a very clear expectation that these will go mainstream. For example, Ring doorbells recently ran into real problems over enabling law enforcement agencies to backdoor into the cameras. Thus, the police had access to people's videos from the doorbell cameras. If you know what you're signing up for, that's one thing, but in reality very few people are aware of the impact on privacy and of how they're being monitored. If there can be a backdoor for the police, there's a potential for other third parties to get in as well. The privacy consequences are scary and huge.
The IoT can also be abused. For example, if someone is in a coercive relationship, the IoT shifts from something that lets you turn on the heating into a means of monitoring a partner and enforcing restrictions. It becomes something dangerous. You can know when they leave the house, which room they go into, or whether they've done the chores. It becomes a dystopian nightmare.
The potential to abuse the IoT in the same way the Internet is abused is great. Every advanced technology is double-edged. If an IoT hacker can take control of a connected doorbell, they can use it to plan a burglary, start a fire, and do almost anything a criminal mind can imagine.
5. Tech will need to define a better secure supply chain, globally.
Companies source chips, sub-components, and other devices from different manufacturers, and these are eventually integrated into final products, such as vehicles. Along the way, security must be in place at every step of the supply chain. You must know what's in your product, because you'll be held responsible for it.
Frameworks are evolving from organizations like the IoT Security Foundation, which require an identity to be built into each product and recorded in a manifest of how it was made. Companies will have to demonstrate how a product is managed throughout its entire lifecycle to ensure it's not cloned, not counterfeit, and so on, and that it's secure. The tech world will have to learn from the food industry and the way it traces food from farm to table, so that if something goes wrong, every product that could be affected can be identified.
6. All development will become security-centric.
Being security-centric means setting policy at the C-Suite level to create a secure supply chain in which the company manages what goes into every product, along with development, upgrade procedures, and protection of its IP. These policies must ensure security at every step from design to delivery, and guard against hacking and backdoors.
In reality, mistakes happen; software is complex. When they do, the policy must ensure that updates are delivered securely and in a timely way. Therefore, only the right update, with the right version, from the right vendor can be applied, and that has to be enforced with proper cryptographic protection: a signed image whose vendor, version, and contents the device checks before installing it. Security needs to become part of the development flow, not something separate from it. Protecting code means protecting customers.
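What "the right update, with the right version, from the right vendor" looks like on the device side, as an added example that is not from the article or from IAR/Secure Thingz: a signed update manifest binds the vendor, the version, and the hash of the image, and the device checks the signature first, then the vendor, then that the version is strictly newer (anti-rollback), and finally that the payload matches what was signed. The vendor name, the key, and the update format are assumptions made for this example. HMAC-SHA256 stands in for the asymmetric signature (Ed25519 or ECDSA) a real device would verify with a public key, so that the example runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed example key (assumption). A real update scheme uses an asymmetric
# signature so the device holds only a public key; HMAC-SHA256 stands in here
# to keep the example stdlib-only. Never embed a symmetric key like this.
DEVICE_UPDATE_KEY = b"example-device-update-key-not-for-production"
TRUSTED_VENDOR = "acme-mcu"  # hypothetical vendor identifier, fixed at manufacture


class UpdateRejected(Exception):
    pass


def _canonical(manifest: dict) -> bytes:
    """Canonical JSON so signer and verifier authenticate exactly the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    return hmac.new(key, _canonical(manifest), hashlib.sha256).digest()


def build_update(vendor: str, version: int, payload: bytes, key: bytes) -> dict:
    """Vendor side: the signed manifest binds vendor, version and payload hash."""
    manifest = {
        "vendor": vendor,
        "version": version,
        "size": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
    }
    return {"manifest": manifest, "sig": sign_manifest(manifest, key).hex(), "payload": payload}


def verify_update(update: dict, key: bytes, trusted_vendor: str, installed_version: int) -> int:
    """Device side. Returns the new version on success, raises UpdateRejected otherwise.
    Order matters: no field of the manifest is trusted until its signature checks out."""
    manifest = update["manifest"]
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, bytes.fromhex(update["sig"])):
        raise UpdateRejected("bad signature")              # signed with the right key?
    if manifest["vendor"] != trusted_vendor:
        raise UpdateRejected("wrong vendor")               # the right vendor?
    if manifest["version"] <= installed_version:
        raise UpdateRejected("rollback or replay")         # the right versioning (anti-rollback)
    payload = update["payload"]
    if len(payload) != manifest["size"] or hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
        raise UpdateRejected("payload does not match manifest")  # image is what was signed
    return manifest["version"]


def try_install(update: dict, installed_version: int,
                key: bytes = DEVICE_UPDATE_KEY, vendor: str = TRUSTED_VENDOR) -> str:
    try:
        return f"installed v{verify_update(update, key, vendor, installed_version)}"
    except UpdateRejected as e:
        return f"rejected: {e}"


def run_scenarios() -> dict:
    """Constructed update images presented to a device currently running version 2."""
    good = build_update(TRUSTED_VENDOR, 3, b"firmware v3 image (constructed)", DEVICE_UPDATE_KEY)
    old = build_update(TRUSTED_VENDOR, 1, b"firmware v1 image (constructed)", DEVICE_UPDATE_KEY)
    other = build_update("other-vendor", 4, b"image from someone else", DEVICE_UPDATE_KEY)
    forged = build_update(TRUSTED_VENDOR, 9, b"attacker image", b"attacker-guessed-key")
    tampered = dict(good, payload=good["payload"] + b"\x00backdoor")
    # version bumped after signing: the signature no longer covers the manifest
    bumped = dict(good, manifest=dict(good["manifest"], version=5))
    return {
        "genuine": try_install(good, 2),
        "rollback": try_install(old, 2),
        "wrong_vendor": try_install(other, 2),
        "forged_signature": try_install(forged, 2),
        "tampered_payload": try_install(tampered, 2),
        "version_bumped": try_install(bumped, 2),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:>18}: {outcome}")
```

The version check only means something because the version field sits inside the signed manifest: an attacker who cannot produce a valid signature cannot bump the number to slip an old, vulnerable image past the rollback check. Swap `sign_manifest` for a public-key verification and the rest of the flow is unchanged.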
7. Device-to-cloud capability will become standard.
Every consumer device being built is inherently cloud-native. We must have a mechanism so that every connected device (light bulb, oven, refrigerator, car, and so on) can easily connect to the cloud. That means each one must have a built-in, cloud-native identity that is transparent to the consumer. Consumers can then choose whom they work with; for example, they can use Verizon, then move and switch to T-Mobile. That means devices must be smarter, with the ability to be re-provisioned: decoupled by one party and re-coupled by another.
For example, if you own a refrigerator, you can donate or sell it when you replace it. This requires a smart device with multiple levels of identity: an intrinsic identity that stays with the device, and an owner identity that the new owner can kill and replace, all of it transparent to the consumer. This means we have to think about device-to-cloud identity, provisioning, and build so that we can enable this.
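One way to model the two identity levels described above, as an added example that is not from the article or from IAR/Secure Thingz: the device derives a permanent `device_id` from a per-chip secret, while the owner credential is derived from that secret together with the owner and an epoch counter that advances on every ownership change, so releasing the device kills the old owner's credential and the next owner gets a fresh one without the device identity changing. The class, the derivation, and the Alice/Bob walk-through are assumptions made for this example; the secret is a constructed value, and on real hardware it would live in a secure element or key store.

```python
import hashlib
import hmac


class Device:
    """A connected device with two identity levels: an intrinsic identity that never
    changes, and an owner identity that can be killed and replaced on transfer."""

    def __init__(self, hw_secret: bytes):
        self._hw_secret = hw_secret          # per-chip secret (constructed); never leaves the device
        # Intrinsic identity: derived from the chip secret, stable for the device's whole life
        self.device_id = hashlib.sha256(b"device-id|" + hw_secret).hexdigest()[:16]
        self.owner = None
        self.epoch = 0                       # counts ownership changes; never reset

    def _owner_credential(self, owner: str, epoch: int) -> bytes:
        # Bound to the chip secret, the owner and the epoch, so a later binding
        # can never reproduce an earlier owner's credential.
        msg = f"owner|{owner}|{epoch}".encode()
        return hmac.new(self._hw_secret, msg, hashlib.sha256).digest()

    def claim(self, owner: str) -> bytes:
        """Couple the device to an owner (or carrier account). Refused while still
        bound: the current owner has to release it first."""
        if self.owner is not None:
            raise PermissionError(f"{self.device_id} is bound to {self.owner}; release it first")
        self.epoch += 1
        self.owner = owner
        return self._owner_credential(owner, self.epoch)   # handed to the owner's cloud account

    def authenticate(self, owner: str, credential: bytes) -> bool:
        if self.owner != owner:
            return False
        return hmac.compare_digest(credential, self._owner_credential(owner, self.epoch))

    def release(self, owner: str, credential: bytes) -> None:
        """Decouple: only the current owner can do it. The owner identity dies;
        the intrinsic device_id survives."""
        if not self.authenticate(owner, credential):
            raise PermissionError("only the current owner can release the device")
        self.owner = None


def ownership_transfer() -> dict:
    """Constructed walk-through: Alice owns a fridge, then sells it to Bob."""
    fridge = Device(hw_secret=b"constructed-per-chip-secret-0001")
    original_id = fridge.device_id
    alice_cred = fridge.claim("alice")
    checks = {"alice_can_use": fridge.authenticate("alice", alice_cred)}
    try:
        fridge.claim("mallory")                  # takeover attempt while Alice still owns it
        checks["takeover_blocked"] = False
    except PermissionError:
        checks["takeover_blocked"] = True
    try:
        fridge.release("mallory", alice_cred)    # wrong owner, even holding Alice's credential
        checks["release_needs_owner"] = False
    except PermissionError:
        checks["release_needs_owner"] = True
    fridge.release("alice", alice_cred)          # Alice sells the fridge
    bob_cred = fridge.claim("bob")               # Bob couples it to his own account
    checks["bob_can_use"] = fridge.authenticate("bob", bob_cred)
    checks["alice_locked_out"] = not fridge.authenticate("alice", alice_cred)
    checks["old_cred_useless_for_bob"] = not fridge.authenticate("bob", alice_cred)
    checks["device_id_unchanged"] = fridge.device_id == original_id
    checks["credentials_differ"] = alice_cred != bob_cred
    return checks


if __name__ == "__main__":
    for name, ok in ownership_transfer().items():
        print(f"{name:>24}: {'ok' if ok else 'FAILED'}")
```

The epoch is what makes "kill and replace" stick: because it never goes backwards, a credential issued to an earlier owner can never be valid again, even if that owner is later the one who claims the device a second time.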
Overall, there is a lot to be done on security in 2021. The good news is that we have the capability and the minds to do it. As the year progresses, it will be interesting to see how these predictions and insights take shape.
References
1.https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/