World’s Leading Trade Fair for Electronic Components,
S stems and Applications
Messe München I November 8–11, 2016 I electronica.de
Your U. S. contact: Ms. Tina Hoehn
Phone +1 646 437 1014 I firstname.lastname@example.org
Tickets & Registration:
Planet e: Where
the future begins.
Electronics of tomorrow.
• Encrypting any PHI data the device receives, stores and
• Enabling code signing for secure device boot.
• Ensuring all connections the device makes to servers, Wi-Fi,
the cloud, other devices are authenticated, secure.
Alan Grau: There are a number of important security considerations for embedded devices. Secure communication protocols and strong authentication (both user-machine and ma-chine-machine) are foundational features. Other features that
need to be included are secure boot, secure firmware updates,
intrusion detection, endpoint firewall, and a management agent
for integration with the IT security management system.
MDT: How can designers create products with upgradable security
capabilities which can evolve to meet new threats?
Alan Grau: It is critical to provide support for security
management and secure remote firmware updates that enable
effective protection from new threats as they emerge. Remote
management allows updates to security policies (firewall rules,
etc.) to block new attacks. Secure firmware updates allow
patching of security vulnerabilities and an upgrade path to
support new security features as they become available for the
MDT: How much does cyber-hardening a connected product add to
its unit cost?
Mike Nelson: There are many variables that impact the true
per unit cost of hardening a device. There are approaches for
securing medical devices that can cost very little and allow
the manufacturers to improve the security with much of an
incremental cost. Partnering with a trusted certificate authority
already operating in the IoT market can prove beneficial to
companies looking to implement scalable, flexible solutions at
a reasonable cost.
Alan Grau: There are two cost elements to adding cyber-se-curity to an embedded device. The first is additional BOM
costs. This can include a hardware security coprocessor, faster
CPU, and more memory. Depending on the device, this could
range from a few dollars to less than a dollar per device. The
second is the engineering cost (NRE) to build the security
features into the device. While this up-front cost may be significant, it can be amortized across all the units produced.
What companies often don’t consider is the total cost of a
security breach. What is the cost in terms of brand damage, liability, and lost sales if a product is not adequately secured? We
are seeing larger network operators include security evaluation
as purchasing criteria and products without adequate security
are not being sourced. Security will become a critical product
differentiator in the years to come and companies that make
the investment in security, today will be the market leaders in
the years to come. MDT