Speaking at CSIT’s eighth Annual World Cyber Security Summit in Belfast Professor Máire O’Neill, CSIT principal investigator & director, UK Research Institute in Secure Hardware and Embedded Systems (RISE), explored the risks of connected devices, the challenges of securing them and how the recently launched RISE is seeking to address the issues.
With the multitude of connected devices used globally today, and the continued growth in the future, “we are going to have to use machine-to-machine communication [to control them], which means going forward, we’ll no longer have direct control over with whom or what our devices are communicating with, leading to major security risks,” O’Neill said.
Along with the threats surrounding the huge number of global connected devices, O’Neill also pointed to counterfeit devices, untrusted supply chains, hardware trojans and vulnerabilities affecting hardware devices as factors that are increasing the risks of insecure IoT/connected products.
In terms of the challenges in securing connected devices and making them trustworthy, she cited the following as key:
- How do we detect counterfeit devices? “Typically it’s only defense industries that actually have a very critical requirement to ensure their processes are genuine and actually have adequate detection techniques in place, but in the wider consumer market there are really very poor or no detection strategies in place.”
- How do we detect manipulated devices?
- Is it possible to build attack-resilient hardware platforms?
- How do we deal with untrusted manufacturing processes & untrusted supply chains? “We are kind of dependent on [these] today because of the worldwide distributed nature [of business].”
The answer lies in a need for hardware security, O’Neill said, with a multi-layered approach, establishing a trusted computing baseline that anchors trust in tamper-proof hardware.
To address the issue, RISE was set up with the followings aims/visions:
- To encourage engagement with leading industry partners and stakeholders
- To be the go-to place for high quality hardware security research
- Enable translation of research into new products, services and business opportunities for the benefit of the UK economy
- To be a strong network of national and international collaborators and research project partnerships