Internet of Things (IoT), with the massive wireless connection technologies, the growing number of IoT devices, and the complexity of these connected things, introduces new cybersecurity challenges and risks to the marketplace. As reaching the ideal scenario of everything connected, mobile devices increasingly handle sensitive data and becoming more important than ever to ensure their security. IoT device security is even more critical now that 5G services are live. The breach of IoT devices allowing attackers to easily hijack the property poses an inherent risk to the security of enterprises which deploy the technologies. And worldwide spending on the IoT has been impacted by these worries. The cybersecurity solutions of IoT are getting more attentions than ever.
GlobalPlatform is a non-profit industry association highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed. On Tuesday, 25 August 2020, GlobalPlatform, with support of Primary Sponsor and Full Member Winbond Electronics Corporation, together with Arm and Industrial Technology Research Institute (ITRI), hosted an IoT Security and Certification Schemes Workshop at Sheraton Hsinchu Hotel in Zhubei City, Taiwan. The workshop provided the latest information about the technology dynamics of Secure Element (SE) and Trust Execution Environment (TEE). At the same time, it showed several countries' development status and government policies, plans and regulations in Europe and North America, specifically designed to support IoT device manufacturers and certification bodies to establish their own IoT device security certification schemes.
Kevin Gillick, Executive Director of GlobalPlatform, in his opening remarks through remote video conferencing, thanked Winbond, Arm and ITRI teams for making this half physical and half virtual workshop possible. Responding to IoT security has built a tight collaborative relationship between industries and governments, he adds. With a mix of local on-site speakers and GlobalPlatform virtual presenters, participants shared a great opportunity to interact with subject matter experts.
An estimated 75.44 billion IoT devices will be in the marketplace by 2025. This astronomical number is even posing a more serious threat to security and privacy than ever. GlobalPlatform's work brings greater trust to the IoT eco-system. To deploy the security framework of "secure enough" is an essential task to begin. The Security Evaluation Standard for IoT Platforms (SESIP) methodology will standardize security certification for IoT industries and give device makers and solution vendors the ability to demonstrate alignment with market requirements, use cases and regulations.
GlobalPlatform, established 20 years ago, is driven by approximately 80 member companies. Members share a common goal to develop GlobalPlatform's specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted. And while avoiding attack threats, it will protect services and provide end users with trusted information that is securely managed throughout the IoT products lifecycle.
5G Chain of Trust framework to protect information and privacy
Dr. Yeali Sun, Commissioner of Taiwan National Communications Commission (NCC), in her keynote session, highlighted 5G broadband networks as a major driving force for industrial digitization and technology upgrade. 5G will deliver benefits to the nation, society, economy, industry, enterprises and individuals. 5G is playing the role of enabler to create more economic prosperity. That is the reason why the WEF (World Economic Forum) sets 5G as the forth industrial revolution. 5G networks are constructing a beneficial infrastructure for digital innovation.
5G network infrastructure provides the high data speed and flexibility needed to cultivate new services and innovative applications. Leveraging software defined network and modern ICT technologies in scale, 5G network security is becoming critical for many countries. 5G services rely on sufficiently trustworthy access across the network, Sun noted. There are several important topics that need to be addressed including 5G network governance, trusted hardware/software and supply chain, trusted operation and management, trusted end-to-end operation, integration of cybersecurity with operations and privacy protection.
Either 5G equipment or IoT devices, these products are a complex combination of many components and involve multi-stakeholders such as hardware manufacturers, software developers, service providers, end users and data owners. To verify whether these devices are secure enough, she simply asks two questions to make things clear. First, can device owners acquire devices through a trustworthy supply chain? And second, can a device owner maintain positive control over the device?
At the end of her speech she offered two major conclusions. The first, cybersecurity capability is imperative for network operators, service providers and regulatory government agencies. Second, the hardware Root of Trust (RoT) in IoT is a promising way of providing the foundation to establish a Chain of Trust (CoT) for the device to provide assertions about the device to the information.
Making Taiwan a trustworthy international secure components and systems supplier
In his keynote address, Dr. Edwin Liu, President of ITRI, spoke about the fast migration towards a digital life in the post-pandemic era. This brings two major challenges and issues, which are IoT network security and supply chain management. Taking action to solve these issues will earn global trust and transform Taiwan into an important force in the global economy. He analyzed the types of cybersecurity threats to showcase participants the case studies which cause massive economic loss for global societies.
Taiwan's strength in semiconductor and ICT sectors plays a central role in global IoT supply chains. Due to international customers' strict safety requirements, it is enabling Taiwan manufacturers to further invest in technology. And the fact that the number of cybersecurity attacks is increasing every day is also helping Taiwan's cybersecurity protection capabilities to rapidly upgrade. For example, based on many years of technical development, ITRI hosts several collaborative projects with various vendors for introducing systems such as a specialized supply chain monitoring system, a software based cybersecurity diagnostic system, and software and hardware tamper-resistant technologies to avoid code change while transferring data files.
The same thing applies to Taiwan's PC server manufacturers as they establish the supply chain security testing standards for OT and IT networks. They are also taking actions to prevent non-authorized software or firmware from being installed into IC chips while purchasing from vendors. Meanwhile, logistics partners also provide proof of their practices to improve cybersecurity across the supply chain, thus increasing the security levels for customers.
Taiwan manufacturers are providing layers of cybersecurity solutions across the entire eco-system, leveraging its strength in both IC chips and electronics manufacturing services. Through cybersecurity standards and certification, Taiwan continues to invest in its information and digital industries to take a leading position to transform Taiwan into a critical force in the global economy. ITRI is setting a goal to build a cybersecurity industry that can integrate with 5G, digital transformation, and Taiwan national security, striving to create cybersecurity systems and an industrial chain that can protect the country and earn the world's trust.
Building Taiwan cybersecurity eco-system to keep the Internet of Things Safe and Secure
Traditionally, people with more resources are more likely to have security concerns. In today's connected world, there is no denying that smart applications and 5G networks create immense value and opportunity. But on the other hand, cyber vulnerability is leading to a loss of consumer confidence. Consumers need reliable security to protect private data of every individual in the digital world. We believe that non-secure IoT devices pose a severe cyber-threat that must be addressed by securing technologies used for the storage of data, code, and credentials in all connected devices.
The essential concept of IoT is everything connected. Compared with the more mature architecture of PC's and smartphones, the IoT cybersecurity eco-system is still in the very beginning stage. Due to the ever-growing complexity and flexibility of IoT applications, all devices are connected and becoming things in the IoT world. For this sensitive situation, there are some thoughts that matter. We need consumers with safety and cybersecurity concepts. We request industries to provide secure technologies. We expect governments to set the standards and certification processes. And we require the building of a neutral security validation mechanism in Taiwan. These are serious concerns that need to be addressed to realize the market potential of IoT.
Winbond is the leading global supplier of code storage memory solutions and secure memories. And Nuvoton is a major solution provider of MCU and server ICs. Both are key components to control the operation of machines and electronics devices. To integrate upstream and downstream of IoT supply chains covering semiconductor components to electronics devices via networking connection, cloud platforms and to the end point applications, each layer needs to equip with proper cybersecurity technologies to offer a dependable solution for manufacturers of connected devices against cyber threats and attacks. Semiconductor products are the base of Root of Trust. And they are the initiation of Chain of Trust.
Mr. Arthur Yu-Cheng Chiao, Winbond Chairman and CEO, gave his keynote on the topic "Catch IoT Opportunities with An Eco-system and Security Solutions", he explained that Taiwan is the global site of electronics manufacturing services with complete electronics supply chains and a strong foundation for an IoT cybersecurity eco-system. As a member of GlobalPlatform, Winbond has moved to collaborate with GlobalPlatform in promoting IoT information security and working out a set of IoT security standards that Winbond hopes to introduce as its accreditation system in Taiwan. Serving as a bridge to promote vertical division of the cybersecurity eco-system among players in different segments, and pushing for their cooperation with the government, Winbond will promote its strategy for digital safety for Taiwan in the era of Internet of Things.
GlobalPlatform with support of primary sponsor Winbond hosted an IoT Security and Certification schemes workshop
DIGITIMES' editorial team was not involved in the creation or production of this content. Companies looking to contribute commercial news or press releases are welcome to contact us.