Embedded safety and security in the spotlight
With the aim of helping organisations build safer, more reliable and more secure embedded systems, Barr Group has conducted its third annual Embedded Systems Safety & Security Survey. Electronic Specifier Editor Joe Bush caught up with CEO, Andrew Girson, at the embedded world exhibition (where Barr Group announced the survey’s findings), to find out more.
With the aim of deepening the knowledge of trends and practices across the embedded systems industry, which has become increasingly focussed on safety, reliability and security, the Barr Group survey was conducted between 10th January and 3rd February this year, and targeted companies on a global level and across a variety of industries.
To qualify to take part in the survey respondents had to have acquired paid design experience, and be directly involved in design work. Any respondent failing to meet this criteria, or who provided vague project details, were disqualified. Examples of participating companies included Apple, Thales, Texas Instruments, Philips, IBM, Lockheed Martin and Intel - with the total number of participating companies totalling well over 1,000.
One of the key findings of the survey was that many companies, who are producing devices that could pose a threat to life if they fail, are not taking the appropriate safety and security precautions, as Girson commented: “One of the first things we asked our group of respondents was, what’s the worst thing that could happen if your device fails? That might be a simple thing, like the customer gets upset or returns a product. But it could be much worse i.e. it could result in someone’s death. So, 28% of respondents stated that injury or death could result from a failed product, predictably from industries such as medical, aerospace, industrial and automotive.
“One of our initial findings that was most troubling was that there are relevant safety standards in each of those industries, and you would expect that if your device could kill or seriously injure, you would be following those safety standards to the letter - however, only about two-thirds of companies are doing that. That’s a concern and something where industry needs to do better.
“In addition, there are well known best practises within software - use of coding standards, code reviews, stack analysis etc. These have been proven over the years to reduce bugs and defects. So, again, if you're designing a device that could kill, you’d logically think that these best practises would be employed. Again, however, we’re not seeing anywhere near 100% implementation of these best practises."
With the majority of new products now having multiple processors and an internet connection, the attack surface is rapidly increasing. Therefore, meeting the relevant security requirements should always be high on the agenda.