IoT Needs Security All the Way Down to the Sensors

Embedded applications are far more vulnerable to security risks than most engineers realize, an expert will tell attendees at the upcoming Design & Manufacturing Show in Minneapolis.

"You can't just say, 'The gateway is secure and the cloud is secure,' and assume that's enough," Alan Grau, president and co-founder of Icon Labs , told Design News . "We're trying to bring awareness to the fact that you need to have security all the way down to the end points."

In a session titled, "Strategies for Adding Security to Industrial IoT End Points," Grau will discuss the ways individual devices can be secured against cyber attacks and tampering. He will also explain how to identify and overcome challenges involved in securing embedded devices.

The end points, or sensors, are often overlooked in Internet of Things (IoT) applications, Grau told us. "You've got this huge proliferation of IoT end points that are starting to happen," he said. "But people haven't yet figured out how to address security for all these devices."


D&M Minn logoStrengthening IoT Endpoints. Learn the best practices for securing IIoT devices against cyber attacks and tampering during Alan Grau's Industry 4.0 session "Strategies for Adding Security to Industrial IoT Endpoints" at Design & Manufacturing , Sept. 21-22, 2016 in Minneapolis. Register here for the event, hosted by Design News ’ parent company, UBM.


Numerous studies have shown that most IoT applications are woefully unprepared for cyber attacks. A 2014 study by Hewlett-Packard , for example, revealed that 70% of the most commonly used IoT devices contain gaping security holes. On average, such devices have 25 vulnerabilities, the study said. Similarly, a 2009 Columbia University study, Brave New World: Pervasive Insecurity of Embedded Network Devices , concluded that embedded devices were about 18 times more vulnerable to attack than enterprise devices, such as office laptops.

In his 30-minute talk, Grau will touch on authentication, security architectures, and successful integration of embedded security with enterprise security. "In the time we have, we'll start at the high level and then go down to the nuts and bolts," he said.

The session will take place on Thursday, Sept. 22, at 1:30 p.m. at the Minneapolis Convention Center.

Grau said he will target the talk at engineers and managers who are responsible for building connected devices. "If you're device is connected, then you need to be protecting it," he said. "So we will look at what you can do, what you should do, and how to get started."

Senior technical editor Chuck Murray has been writing about technology for 32 years. He joined Design News in 1987, and has covered electronics, automation, fluid power, and autos.

Add new comment

By submitting this form, you accept the Mollom privacy policy.