UL, MIPI Bolster IoT Security

Release time:2017-05-05
author:
source:EETimes
reading:494

UL (formerly Underwriters Laboratories) and the MIPI Alliance are the latest groups to expand security initiatives for the Internet of Things. They join groups such as the IoT Security Foundation, picking up the pace on what looks to be a never-ending journey toward a safer IoT.

UL hopes to roll out by the end of the year a software security standard for IoT gateways and a set of best practices for software security in consumer IoT products. Its aims to ramp up its first initiatives in hardware security next year.

The MIPI Alliance put out a separate call for participation in a new security working group. It aims to draft a security framework this year for systems using MIPI interconnects across areas including automotive, mobile and IoT.

The efforts are among many that some experts say fall short. “Regulations are necessary, important and complex--and they’re coming. We can’t afford to ignore these issues until it’s too late,” said Bruce Schneier, a security expert and Harvard lecturer, in testimony to the U.S. Congress last November, following the Mirai attack.

“The government could impose minimum security standards on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care. They could impose liabilities on manufacturers…The details would need to be carefully scoped, but either of these options would raise the cost of insecurity and give companies incentives to spend money making their devices secure,” Schneier said, noting consumers typically don’t want to pay more for security.

Indeed, only two companies have received certification for the initial UL 2900 cybersecurity standards the UL rolled out in April 2016, although many more products are now in the UL’s pipeline.

“Some industries are fairly mature, with dedicated cybersecurity teams that can respond quickly and others are more immature such as new, innovative consumer IoT companies that may have just one person responsible and looking for guidelines,” said Ken Modeste, a principal engineer leading UL’s security effort.

Meanwhile, UL is also expanding the 2900 suite to include a variety access control and building automation devices. It has 10 companies working on its consumer IoT best practices guidelines and details of its IoT gateway spec coming out within days.

“We see this as a long-term initiative that will take many years to accomplish some kind of cyber-supremacy over the risks out there,” he said. “This program can’t be a catch-all for 100 percent of the issues, but we can build a foundation,” he added.

“The request for the hardware part of security is becoming more prevalent, so our goal is to initiate it in the middle of next year. We have some hardware initiatives around payment terminals and automotive, and our goal is to find a way to address hardware overall,” Modeste said.

The hardware effort may try to create a certification program for how devices use password or encrypted keys to store and access data. “We welcome collaboration with players in this space, he said, noting a need for hardware expects across domains including automotive, FPGAs and microcontrollers.

Online messageinquiry

reading
  • Week of hot material
  • Material in short supply seckilling
model brand Quote
TPIC6C595DR Texas Instruments
CD74HC4051QPWRQ1 Texas Instruments
TL431ACLPR Texas Instruments
PCA9306DCUR Texas Instruments
TXB0108PWR Texas Instruments
TPS61021ADSGR Texas Instruments
model brand To snap up
TPS5430DDAR Texas Instruments
TPS61021ADSGR Texas Instruments
ULQ2003AQDRQ1 Texas Instruments
TPS63050YFFR Texas Instruments
TXS0104EPWR Texas Instruments
TPS61256YFFR Texas Instruments
Hot labels
ROHM
IC
Averlogic
Intel
Samsung
IoT
AI
Sensor
Chip
Information leaderboard
  • Week of ranking
  • Month ranking
About us

Qr code of ameya360 official account

Identify TWO-DIMENSIONAL code, you can pay attention to

AMEYA360 mall (www.ameya360.com) was launched in 2011. Now there are more than 3,500 high-quality suppliers, including 6 million product model data, and more than 1 million component stocks for purchase. Products cover MCU+ memory + power chip +IGBT+MOS tube + op amp + RF Bluetooth + sensor + resistor capacitance inductor + connector and other fields. main business of platform covers spot sales of electronic components, BOM distribution and product supporting materials, providing one-stop purchasing and sales services for our customers.