Silicon Labs
|
Silicon Labs Community Silicon Labs Community
  • Products
    1. 8-bit MCU
    2. 32-bit MCU
    3. Bluetooth
    4. Proprietary
    5. Wi-Fi
    6. Zigbee & Thread
    7. Z-Wave
    8. Interface
    9. Isolation
    10. Power
    11. Sensors
    12. Timing
  • Development Tools
    1. Simplicity Studio
    2. Third Party Tools
  • Expert's Corner
    1. Announcements
    2. Blog
    3. General Interest
    4. Projects
How to Buy
English
  • English
  • 简体中文
  • 日本語
//
Community // Blog

Works With: Security Regulations

09/255/2020 | 04:10 PM
Brandon Torio
Employee

Level 3


This week at Works With, Silicon Labs Sr. Product Manager of IoT Security, Mike Dow, discussed the ever-changing landscape of security attacks, legislation and our products’ preparedness for the modern security landscape. Additionally, Brad Ree, CTO of ioXt Alliance discussed how the organization is working to unify IoT security standards and build trust around end-product safety and security.

To begin, Mike discussed the stakes –  modern ransomware attacks are costing companies millions of dollars. Historically, these ransomware attacks have been remote attacks against individuals, such as vulnerable household families on their desktop computers, for around $200-$500 each. Today, however, “big game hunting” is more common, where organizations like hospitals or companies are targeted, for ransoms upwards of $10M-$15M. The exact price paid for these ransoms is hard to know, but it is safe to say these ransomware attacks include costly prices and downtime that companies cannot afford.

Additionally, the rise of “pivot attacks” have empowered the cyber-criminals behind these attacks. “Pivot attacks” refer to the phenomenon of using an IoT device (such as a thermostat) as an entry point to a victim’s network. A network’s security, after all, is only as strong as its most vulnerable connected device. This, of course, speaks to the importance of having strong security in these network end nodes.

Mike notes that this is leading to new legislation around cyber security. While the legislation varies from country to country (and state –to state within the U.S.), it generally provides that IoT devices like lightbulbs and thermostats must be “reasonably secure” against such threats, to prevent individuals and companies from falling victim to ransomware and the downtime that comes with it. He expects that we’ll continue to see IoT security-related legislation appear and evolve over time.

He then discusses how our Secure Vault technology that launched this year contains the exact features needed to help protect companies and individuals against the aforementioned modern attacks. From cryptography features like secure key management, to hardware features like Anti-Tamper and DPA Countermeasures, we’ve protected devices from network attacks, hardware attacks, and ensured integrity, authenticity, and confidentiality for end users.

Anti-tamper is one of the Secure Vault features that safeguard from modern attacks  

These features, along with others, exemplify our commitment to protecting devices during manufacturing, deployment, and end of life.

You can learn more about the Secure Vault features Mike mentioned by visiting the following links:

  • Secure Boot
  • Secure Debug
  • DPA Countermeasures
  • Anti-Tamper
  • Secure Attestation
  • Secure Key Management

View a full list of features here.

Next, Brad Ree spoke about the ioXt Alliance’s efforts to improve the global standard of IoT security and build confidence in IoT products. The alliance drives adoption of their security standards by harmonizing the security requirements of channel owners and suppliers and providing authorized test labs for devices that require a third-party test lab.

Their mission begins with the ioXt Security pledge which exemplifies the scope of their mission, and the wide variety of security measures that need to be in place for secure IoT products: 

Brad shares the ioXt Security Pledge

 Brad went on to discuss how different devices have different security needs, therefore requiring different threat models. By defining all the threats that can happen throughout the lifecycle of a device, effective tests can be defined and manufacturers can be empowered to thoroughly assess device security.

To preserve the integrity of tests and their self-certification program, ioXt Alliance offers a rewards program (similar to a bug bounty) to researchers who find that test integrity was compromised. Upon completion,  ioXt Alliance provides the following certification symbol, which is the same regardless of device type or testing rigor:

By using the same symbol across devices, the alliance hopes to strengthen the recognition of the symbol, eliminate confusion for customers that might come from a tiered system and ultimately build trust that certified products are protected.

Both Mike and Brad share the common hope that IoT products will continue to receive the security-related attention that they deserve. To watch the on-demand recording of the Works With security presentation, click here and register.

To learn more about securing your products and our Secure Vault technology, visit silabs.com/security. 

  • Blog Posts

Tags

  • Wireless
  • High Performance Jitter Attenuators
  • EFR32FG22 Series 2 SoCs
  • EFR32MG21 Series 2 SoCs
  • Security
  • Bluegiga Legacy Modules
  • Zigbee SDK
  • ZigBee and Thread
  • EFR32BG13 Series 1 Modules
  • Internet Infrastructure
  • Sensors
  • Wireless Xpress BGX13
  • Blue Gecko Bluetooth Low Energy SoCs
  • Z-Wave
  • Micrium OS
  • Blog Posts
  • Low Jitter Clock Generators
  • Bluetooth Classic
  • Makers
  • Flex SDK
  • Tips and Tricks
  • timing
  • Smart Cities
  • Smart Homes
  • IoT Heroes
  • Reviews
  • RAIL
  • Simplicity Studio
  • Tiny Gecko
  • EFR32MG22 Series 2 SoCs
  • Mighty Gecko SoCs
  • Timing
  • Temperature Sensors
  • Blue Gecko Bluetooth Low Energy Modules
  • Ultra Low Jitter Clock Generators
  • General Purpose Clock Generators
  • EFR32BG22 Series 2 SoCs
  • Industry 4.0
  • Giant Gecko
  • 32-bit MCUs
  • Bluetooth Low Energy
  • 32-bit MCU SDK
  • Gecko
  • Microcontrollers
  • Jitter Attenuators
  • EFR32BG21 Series 2 SoCs
  • News and Events
  • Wi-Fi
  • Bluetooth SDK
  • Community Spotlight
  • Clock Generators
  • Biometric Sensors
  • General Purpose Jitter Attenuators
  • Giant Gecko S1
  • WF200
  • Flex Gecko
  • Internet of Things
  • 8-bit MCUs
  • Wireless Jitter Attenuators
  • Isolation
  • Powered Devices
  • Power

Top Authors

  • Avatar image Siliconlabs
  • Avatar image Jackie Padgett
  • Avatar image Nari Shin
  • Avatar image lynchtron
  • Avatar image deirdrewalsh
  • Avatar image Lance Looper
  • Avatar image lethawicker

Archives

  • 2016 February
  • 2016 March
  • 2016 April
  • 2016 May
  • 2016 June
  • 2016 July
  • 2016 August
  • 2016 September
  • 2016 October
  • 2016 November
  • 2016 December
  • 2017 January
  • 2017 February
  • 2017 March
  • 2017 April
  • 2017 May
  • 2017 June
  • 2017 July
  • 2017 August
  • 2017 September
  • 2017 October
  • 2017 November
  • 2017 December
  • 2018 January
  • 2018 February
  • 2018 March
  • 2018 April
  • 2018 May
  • 2018 June
  • 2018 July
  • 2018 August
  • 2018 September
  • 2018 October
  • 2018 November
  • 2018 December
  • 2019 January
  • 2019 February
  • 2019 March
  • 2019 April
  • 2019 May
  • 2019 June
  • 2019 July
  • 2019 August
  • 2019 September
  • 2019 October
  • 2019 November
  • 2019 December
  • 2020 January
  • 2020 February
  • 2020 March
  • 2020 April
  • 2020 May
  • 2020 June
  • 2020 July
  • 2020 August
  • 2020 September
  • 2020 October
  • 2020 November
  • 2020 December
  • 2021 January
  • 2021 February
Silicon Labs
Stay Connected With Us
Plug into the latest on Silicon Labs products, including product releases and resources, documentation updates, PCN notifications, upcoming events, and more.
  • About Us
  • Careers
  • Community
  • Contact Us
  • Corporate Responsibility
  • Privacy and Terms
  • Press Room
  • Investor Relations
  • Site Feedback
  • Cookies
Copyright © Silicon Laboratories. All rights reserved.
粤ICP备15107361号
Also of Interest:
  • Bring Your IoT Designs to Life with Smart,...
  • A Guide to IoT Protocols at Works With...
  • IoT Hero Rainus Enhances the In-Store Shopping...