Focus On Cyberdesigns

Focus On Cyberdesigns

There are common ways to secure IoT (Internet of Things) and web applications today. TLS 1.2 (Transport Layer Security) is being used and it is backward compatible to previous TLS and deprecated SSL (Secure Sockets Layer) protocols. SSL was created by Netscape in the mid-nineties. It still exists in old environments.

SSL was the precursor of TLS and it had versions 1.0, 2.0, and 3.0. Also, the newer versions of TLS 1.0 and TLS 1.1 are not deployed because of security weaknesses. TLS versions 1.2 are integrated widely into common IT operating systems today. And it integrates with common browsers and IoT clients. But that is not the case for a few embedded environments.

There is a wide variety of IoT applications that use older versions of TLS or SSL. It leads to the need to upgrade web clients and other applications to the newest version of TLS. It would also be constructive to have Python, Java, C#, and C/C++ code snippets developed by software language architects and engineers that are security reviewed for various embedded operating systems. Then they integrated into IoT environments.

One other complexity is the use of encryption in the IoT embedded use of TLS 1.2 and 1.3. The use of encryption in transit and at rest, brings along with it the responsibility of key management. This is very complex, and it requires review of design and implementation by global security experts.

Because IoT applications are within many manufacturing environments, they need a significant amount of security built into them so that manufacturing environments have fewer risks associated with development of their products. IoT software upgrades, testing, and cloud integration may be a large effort. Having embedded software development that follows NIST, ISA, and ISO policies goes a long way to reducing IoT business risks.