From automotive and avionics to medical devices and consumer electronics, more safety-critical applications using embedded systems are coming online every day. Are we doing all that we can to protect users from these devices in the event of product tampering or malfunction? The answer is no. Once again, results from Barr Group’s 2017 Embedded Systems Safety & Security Survey reveal some alarming statistics about the state of the overall safety of our connected world.
Based on more than 1700 qualified responses, over 60% of all current embedded systems projects will be online for at least a portion of the time that they're in use. Of the embedded systems devices that will be online, 25% were self-identified by respondents as safety-critical, that is, a device that can cause injury or death in the event of tampering or malfunction.
When it comes to these safety-critical devices, one would hope that designers would take the necessary precautions to ensure that their devices are secure—especially if those devices are connected to the Internet. Unfortunately, that’s not the case. Instead, we found that of the products that will be online and able to cause death or injury in the event of malfunction or tampering:
- 22% of designers don’t have security as a design requirement
- 48% don’t bother to encrypt their communications over the Internet
As a result of these and other oversights, command and control sequences are flowing over the Internet "in the open," where they can be sniffed on wireless or wired networks or intercepted by rogue network intermediaries. This is a dangerous scenario that puts end users' safety at risk.
Furthermore, this year's survey has also uncovered that of the embedded systems engineers designing safety-critical applications, 19% don't follow coding standards; 42% conduct only occasional code reviews or none at all; and 36% don't use static analysis tools. All three are industry best practices that are known to improve device safety, reliability, and security. At this rate, the Internet is going to be even less stable and secure as the IoT ramps up.
Last year, our survey found that 20% of those working on safety-critical projects that would be connected to the Internet said security didn't matter for their design. Compared to this year's 22%, this trend is relatively flat, showing no marked improvement in how teams are prioritizing security during the design process. This is a problem. With all of the hype around IoT device vulnerability and the increased visibility of instances where compromised devices have put connected applications at risk, it's very concerning that many design teams continue to work at the status quo. Design teams are neglecting to make security a priority, especially for safety-critical devices. With each new safety-critical device that comes online, the risk to the overall safety and integrity of the network grows.
As more safety-critical devices come online, we as an industry must ask ourselves: are we doing all that we can to protect our users and others? Are we so stuck in designing "the way we've always designed" that we fail to notice that as our connected world changes, our design practices must change with it? For those working on safety-critical devices, these are not just questions of design-process philosophy. They become moral questions. Moving forward, as an industry, we must decide if we're going to create an IoT that's safe, secure, and full of endless possibilities, or if we're going to create an Internet of Dangerous Things. Only time will tell.