London, UK, October 11, 2023 — Foundries.io today revealed its IoT and embedded systems security market outlook for the remainder of the decade, forecasting that government regulation and the risk of market share loss will drive embedded device OEMs to adopt rigorous new practices, ensuring end-to-end security for the life of all products.
The new insights come as Foundries.io celebrates the sixth anniversary of its founding in October 2017, a time when embedded device and OEM cybersecurity concerns were mostly limited to cloud computing platforms, and embedded application development practices paid little attention to the need for ongoing maintenance and security.
Current State of Embedded Device and OEM Security
Today, cloud-native application development and AI use cases force embedded developers to take cybersecurity much more seriously. Looking ahead over the next six years to the end of the decade, Foundries.io expects embedded device OEMs to face an increasing number of security threats. The increasingly hostile environment will be stoked by geopolitical tensions, and conflict with states that use cybersecurity as a military and political weapon. The embedded security picture is also made more difficult by the emergence of AI-based software tools that can be used to generate and modify new forms of malware at high speed.
At the same time, according to Foundries.io’s leadership team, the growing use of open-source software (OSS) packages of uncertain provenance provides additional gateways for cyber-attackers to seed vulnerabilities in unprotected embedded products.
In response, a wave of legislation and security standards looks set to come into force, including measures already announced by the EU and US governments: the EU Cyber Resilience Act and the White House and Congress’ National Cybersecurity Strategy. At the same time, consumers’ privacy concerns and a growing awareness of the financial and reputational costs of security breaches will give OEMs a stronger incentive to invest time and money in strengthening their cyber security defenses.
The Future of Embedded Systems and OEM Cybersecurity
Foundries.io’s forecast predicts that the embedded device industry will be highly motivated to implement new development and device management practices that prioritize security protection. New workflows implemented from the start of prototype development will allow for functions such as seamless over-the-air (OTA) updating, automatic generation and maintenance of a software bill-of-materials (SBOM) specific to each production unit, and cryptographically verified attestation of the sources of all third-party software packages in a device.
George Grey, founder and CEO of Foundries.io, said: ‘Embedded and OEM device security is the defining issue of the 2020s for the embedded computing industry. We are no longer makers of ship-and-forget products: every embedded product in all its many variants needs to be continuously protected for its entire lifetime. The new challenge for device OEMs is to implement a smooth workflow that makes the delivery and installation of security updates to a heterogeneous fleet of devices automatic and flawless.’
He added: ‘OEMs will also need to put in place update and fleet management frameworks that can cope with new and unknown [security] threats, such as the danger to current cryptographic algorithms posed by quantum computers.’
Our Embedded Security Call to Action
The Foundries.io security forecast for the rest of the decade is based on analysis drawn from current customers and from the leaders of Foundries.io’s technology and product development teams. The forecast is being used to direct development of the next generation of Foundries.io’s award-winning FoundriesFactory® platform, and its Linux microPlatform™ (LmP) operating system for Arm® Cortex®-A, x86 and RISC-V® architectures.
New features are currently under development in response to the analysis include tools for automatically attesting the source of open-source software packages, and a new enterprise option for OEMs to own a maintained DevSecOps backend which includes a secure air-gap update and secure OTA infrastructure.
- John Weil, Chief Marketing Officer, Foundries.io – [email protected]
- Rhianna Ogle, TKO Marketing Consultants – [email protected] +44 7866 997774
Foundries.io helps organizations bring IoT and Edge devices to market faster.
The FoundriesFactory subscription service reinvents IoT by delivering a secure, customizable, Linux platform with fleet management services for the world's connected devices. Now, product teams gain enhanced data security while reducing the cost of developing, testing, deploying and maintaining devices across their installed lifetime. Our open-source Linux microPlatform interfaces to any cloud and supports market leading microprocessors, SBCs and SoMs, enabling developers to focus on their applications, and not have to worry about the firmware platform and operating system.