Electronica: CEO forum rambles on IoT security, safety
The moderator, Kilian Reichert, started by pointing out that a global distributed denial of service attack (DDOS) had taken place only a couple of weeks ago, paralyzing such Internet dependents as Paypal and Facebook. His opening position was that IoT is a crucial part of automotive but that danger lurks around the corner in the idea of vehicles being connected to infrastructure and each other. “The more I am connected the more I am at risk?”
Rick Clemmer, CEO of NXP Semiconductor, pointed out that autonomous driving is not an all-or-nothing offering. Long before fully autonomous driving becomes mainstream and requires the ultimate in security, level 1, 2 and 3 autonomy would be making driving safer, he said. “90 percent of accidents come from human error. It’s about the applications and solutions and making driving easier and safer.”
Stefan Auerbach, responsible for mobile security at Giesecke and Devrient, a company focused on printing, bank note and smart card security, stressed the importance of “end-to-end security”, his faith in hardware and software working in tandem, and the need for scalable solutions. However, this is clearly something easier said than done.
Professor Frank Fitzek, Deutsche Telekom Chair of communications networks at Technical University Dresden, a non-CEO on the panel, made the point that 5G will bring with it functions such as software defined networks (SDN) and network function virtualisation (NFV) that will help to speedily identify risks and nullify them. “Communications have to become a mesh, not a centralised cellular system but it will also be an opportunity,” he said.
“Who are the enemies?” asked the moderator.
Professor Fitzek: “It started with school kids, but now it is all sorts of people, including governments, but remember also the technology can err. Airbus has I think five computers all doing the same calculations on different platforms to catch errors. It’s about investing in global network security; a bit like the police.”
STMicroelectronics CEO Carlo Bozotti’s contribution was to state that security has to address all layers of abstraction: silicon, board, device, network. Auerbach said that the SIM card industry produces 5 billion SIM cards per year and because they adhere to standards they are very secure.
Professor Fitzek was asked what the difference is between 4G and 5G. “One G,” he said but added that all generations before were looking at communications between humans. “5G is about billions of connections with different key performance indicators (KPIs) such as latency, performance, security. In 1964 Paul Baran – the father of the Internet – proposed a solution for security; multiple paths but it was at this time not implemented by Kleinrock and others because they did not have capacity. We just have to raise the cost of engagement for the hacker.”
A theme was developing here along the lines that security has to be addressed in a holistic end-to-end fashion but that no individual company or set of companies owns enough of the problem to be able to dictate a solution. Clemmer observed that in the automotive sector security has not been well accomplished but now that cars have been hacked the automotive makers are stepping up.
Reinhard Ploss, CEO of Infineon, observed that consumers are not, as yet, sensitive to IT security. This prompted the thought that some sort of labelling or certification of security might be a way to both raise awareness and provide assurance. But should this be driven by companies or governments?
Clemmer didn’t think either should but said company brands could inspire confidence as brand builders had a vested interest in providing secure products. Bozotti took a more proactive stance, saying it is up to government and business to work together. “It is our responsibility to make sure a culture of protection becomes more pervasive,” Bozotti said. However, Professor Fitzek chipped in saying he agreed with NXP’s Clemmer that brands as a way to communicate safety would be important.
Clemmer was able to get one plug in for the incoming owner of NXP. He said that machine learning was going to be important and that Qualcomm had the 4G and 5G modems and high-end security processing for the myriad applications.
A questioner from the floor said that the public would buy toasters without realizing they could be used to launch distributed denial of service (DDOS) attacks. Some sort of label was needed but should not come from government, which was too slow to act. Clemmer said semiconductor companies worked in the background and did not connect directly to customers. He said a label scheme produced by them would have a “very low probability of being successful.”
Infineon’s Ploss made the point that security must not be static. Therefore, if a toaster became a problem there should be a mechanism whereby it could either be upgraded or kicked off the network.
Professor Fitzek agreed: “Yes we could insist every toaster is a supercomputer; the semiconductor guys would love that. But really we need a smarter network that can monitor itself and exclude the toaster or other rogue devices,” he concluded.
Unfortunately, while the panelists could agree that mastering end-to-end security was essential for the success of IoT, little light of practical usefulness was shed on this nebulous topic. It could be argued this was the right topic discussed in the wrong forum.