|
|
(303) 415-1112
Broomfield
(970) 541-4777
Loveland
Sept 2020 - Vol 13, Issue 8
|
|
Lattice Semiconductor Partnership Announcement |
CEPD is proud to announce it's acceptance into Lattice Semiconductor trusted third party design program.
|
|
|
New Standard In IoT Security |
|
With the ever growing number of internet connected consumer products, stories of vulnerable Internet-of-Things (IoT) devices continue to make their rounds in the news – and for good reason. Devices like Amazon’s Ring smart security camera doorbell, which can be accessed remotely via the web, have recently come under legal scrutiny. A class-action lawsuit alleges Amazon’s lack of IoT security features led to a significant amount of trouble for its users – ranging from harassment to extortion - at the hands of hackers. And the Ring is far from unique in its susceptibility to attacks. Connected devices ranging from municipal security cameras, televisions, lightbulbs, coffee machines, printers, and refrigerators have been fallen victim to determined attackers.
This year a new standard in cybersecurity targeting IoT has been published by ETSI Technical Committee Cyber Security (CYBER). This standard, EN 303 645, aims to provide a set of baseline provisions applicable to all consumer IoT devices in order to facilitate development of secure systems. Provisions that the standard outlines include: No universal default passwords, creation of means to report vulnerabilities, software updates, secure storage, secure communications, minimization of attack surfaces, reliable software, power outage resilience, telemetry data scrutiny, ease of private data deletion, ease of maintenance, and data input validation.
Each provision in the ETSI standard includes a set of sub provisions with examples of how a system might conform. For example, under section 5.6 titled “Minimizing Attack Surfaces”, the first sub provision states “All unused network and logical interfaces shall be disabled”. And section 5.10 “Examine system telemetry data”, gives the example “Telemetry from multiple devices allows a manufacturer to notice that updates are failing due to invalid software update authenticity checks”.
Following these guidelines, as well as complimentary standards such as ETSI TS 103 701, which outlines provision assessment, and ENISA Baseline Security Recommendations, will help ensure a secure product protecting you and your clients from the liability of attack.
Call CEPD! We can help you design security hardened IoT features into your products! -SD
|
|
If you would like help developing a new product or if your projects are understaffed, CEPD can help. Our staff draws on years of diverse product design experience to provide creative and timely solutions for your product needs. Some of our specialties include:
- Technical Project Management
- Embedded Systems Hardware and Software
- Digital Signal Processing (DSP)
- Data Acquisition
- Wireless Sensor and Telemetry Systems (Zigbee, Cellular, VHF, Bluetooth, ANT+, etc.)
- IoT
- Control Systems
- Programmable Logic: FPGA / PLD
- Analog Circuit Design
- Switching Power Supply Design
- Battery Charging (all Chemistries)
- PCB Design and Layout
- Analysis, Test and Documentation
We provide cost effective and expedient design options for our clients, regardless of the project's complexity. Our detailed proposals, accurate estimates and time schedules will help you manage each phase of the project.
|
|
Sincerely,
The Staff of CEPD, Inc.
Colorado Electronic Product Design, Inc.,
700 Burbank St, Broomfield, CO 80020 (303)415-1112
1339 S. Garfield Ave, Loveland, CO 80537 (970)541-4777
© 2020, CEPD, Inc.
|
|
|
|
|
|
|
