New products and services are being developed every day as companies strive for digitization. The digitization market offers enormous potential for new products and solutions in a wide range of industries. It is easy to buy cheap hardware and combine it with widely available open source software. A little bit of Linux, MQTT and a Raspberry Pi are put together, and the IoT product is ready to be used or even sold. But what does it look like in terms of IT security?
It is easy to imagine that many of these new products and devices are directly connected to the Internet or even form an active interface between internal networks and the Internet. At the same time, we know that the connection to the public Internet is a sensitive transition where only trusted devices should be used. But is this trust justified if the devices are built purely for functionality, without any security guide or security framework? A comparison with safety, or functional safety, is obvious. Today, it is no longer conceivable to develop a machine without a risk analysis of its safety technology, or with built-in safety elements that lack the appropriate certification. Instead, standards and norms specify how safety components must be developed and applied. Such specifications do not yet exist for information technology, but with Security by Design the methods are well known. However, they must be applied.
The lecture conveys knowledge about common Security by Design processes and recommendations for action, especially for the design of IoT devices from hardware to software. In detail, it covers the integration of Secure Elements, Secure Boot and Secure Firmware with mandatory patch management. The second part of the lecture deals with the integration of IoT applications, e.g. using Docker for domain separation, and with the role data diodes play in the automation world today.