Foundries.io forecasts more security threats but better preparedness

The new insights come as Foundries.io celebrates the sixth anniversary of its founding in October 2017, a time when cybersecurity concerns were mostly limited to cloud computing platforms, and embedded application development practices paid little attention to the need for ongoing maintenance and security. 

Today, cloud-native application development and AI use cases force embedded developers to take cybersecurity much more seriously. Looking ahead over the next six years to the end of the decade, Foundries.io expects embedded device OEMs to face an increasing number of security threats. The more hostile environment will be stoked by geopolitical tensions, and conflict with states that use cybersecurity as a military and political weapon. The security picture is also made more difficult by the emergence of AI-based software tools that can be used to generate and modify new forms of malware at high speed.

At the same time, according to Foundries.io’s leadership team, the growing use of open-source software (OSS) packages of uncertain provenance provides additional gateways for cyber-attackers to seed vulnerabilities in unprotected embedded products.

In response, a wave of legislation and security standards looks set to come into force, including measures already announced by the EU and US governments: the EU Cyber Resilience Act and the White House and Congress’ National Cybersecurity Strategy. At the same time, consumers’ privacy concerns and a growing awareness of the financial and reputational costs of security breaches will give OEMs a stronger incentive to invest time and money in strengthening their cyber defences.

George Grey, founder and CEO of Foundries.io, said: ‘Device security is the defining issue of the 2020s for the embedded computing industry. We are no longer makers of ship-and-forget products: every embedded product in all its many variants needs to be continuously protected for its entire lifetime. The new challenge for device OEMs is to implement a smooth workflow that makes the delivery and installation of security updates to a heterogeneous fleet of devices automatic and flawless.’

He added: ‘OEMs will also need to put in place update and fleet management frameworks that can cope with new and unknown threats, such as the danger to current cryptographic algorithms posed by quantum computers.’

The Foundries.io forecast for the rest of the decade is based on analysis drawn from current customers and from the leaders of Foundries.io’s technology and product development teams. The forecast is being used to direct development of the next generation of Foundries.io’s award-winning FoundriesFactory platform, and its Linux microPlatform (LmP) operating system for Arm Cortex-A, x86 and RISC-Varchitectures.

New features under development in response to the analysis include tools for automatically attesting the source of open-source software packages, and a new enterprise option for OEMs to own a maintained DevSecOps backend which includes a secure air-gap update and secure OTA infrastructure.