Safety and security survey reveals an 'Internet of Insecure Things'
Barr Group will release the final analysis of its '2018 Embedded Systems Safety & Security Survey' on 27th February 2018, at embedded world in Nuremberg, Germany. Preliminary results reveal news regarding the state of security for IoT devices. Of the embedded systems developers working on internet connected or IoT projects, 22% do not list security as a product requirement for their current project.
With the growing number of hacks and cyber attacks threatening internet connected devices, this statistic serves as a warning that security breaches and attacks will continue to plague the embedded system industry in the short term future.
Completed by more than 1,700 qualified respondents, the '2018 Embedded Systems Safety & Security Survey' was designed to gauge the state of product development practices of embedded systems engineers from around the world (46% from North America, 33% from Europe, 10% from Asia, and 11% from other geographies).
Based on survey data from 2018 as well as results from prior years, the embedded industry is showing modest improvement when it comes to making security a design consideration during product development, rising six percentage points from 2016 to today’s 67%. However, with 33% of all embedded engineers and 22% of engineers designing internet connected devices still neglecting to focus on security during product design, the IoT continues to be an 'Internet of Insecure Things'.
“Prioritising security in every internet connected embedded device is essential to maintaining the integrity of the IoT,” said Barr Group CTO Michael Barr.
“As also indicated by our survey, for both new internet-connected and non-internet connected projects, developers are increasingly designing applications that use more than four CPUs per system. These complex systems significantly increase the potential attack surface and are inherently more difficult to secure. Failing to focus on security during the design process, especially for internet connected devices, may be putting the entire network and potentially the devices end users at risk.”
According to the 2018 survey, 25% of developers designing products for the IoT are working on devices that could kill or injure people if hacked.
Further compromising the state of IoT security, survey results reveal that engineers developing IoT devices are still neglecting to implement industry-recommended design practices known to raise security levels of embedded systems. Of the engineers designing internet connected devices:
- 54% lack regular code reviews
- 49% fail to perform static analysis
- 33% lack a written coding standard
- 17% lack a bug database
In addition, the survey found that fewer than half of all embedded engineers designing for the IoT encrypt their data. “These results are highly concerning,” Barr concluded. “Although there has been a modest increase in focus on embedded systems security during product design, we still have more work to do.”
2018 Barr Group Embedded Systems Safety and Security Survey Results at embedded world
Join Barr Group at Embedded World in Nuremburg, Germany, 27th February-1st March, 2018, for two special presentations highlighting more detailed results from the 2018 Embedded Systems Safety & Security Survey.
The following presentations by Barr Group CTO Michael Barr will take place at the Open Systems Media Embedded Pavilion located in Hall 3A, Stand 507:
- 27th February, 2018 (11:00AM–11:30AM CET): 2018 Embedded Systems Safety Survey Results
- 28th February, 2018 (11:00AM–11:30AM CET): 2018 Embedded Systems Security Survey Results
The complete 2018 Embedded Systems Safety & Security Analysis report will be available for download on 27th February 2018.
The findings of these surveys are illustarted below in the respective infographics.