Barr Group, The Embedded Systems Experts, has uncovered alarming information about the state of embedded systems design in its 2017 Embedded Systems Safety & Security Survey. This survey revealed that a significant percentage of embedded systems designers of potentially injurious products are failing to place emphasis on the security of their designs – even though they are internet-connected.
Approximately 28 per cent of the more than 1,700 qualified respondents (50 per cent from North America, 27 per cent from Europe, 14 per cent from Asia, and nine per cent from other geographies) indicated that the products they are designing now are capable of causing injury or death to one or more people (i.e., in the event of a malfunction). Of such products, respondents anticipated that nearly half will always or sometimes be connected to the internet.
It is widely known that any computer connected to the internet – including a medical device or other embedded system – can be remotely attacked through hacking. Despite this reality, 22 per cent of embedded systems engineers working on safety-critical products that would be online said security was not even on their requirements list for the product. “This is dangerously inadequate planning that puts all of us at greater risk,” said Michael Barr, Barr Group CTO.
Survey findings also revealed that of the designers working on safety-critical projects that will be connected to the internet,
• 19 per cent follow no coding standards,
• 36 per cent use no static analysis tools, and
• 42 per cent conduct only occasional code reviews or none at all.
“When safety-critical devices come online, it is imperative that the devices are not only safe but also secure,” Barr said. “Considering the many security concerns that currently exist in the IoT, any connected device that has not been designed with security in mind is at risk for tampering, and the results for safety-critical devices can be catastrophic. By failing to design security into a device that is connected to the Internet – especially a safety-critical device, where lives are at risk – we are putting our heads in the sand.”
March 23 webinar to provide detailed analysis of survey results?
Barr Group will host a free webinar on Thursday, March 23, 2017 at 1PM ET to discuss the findings from the 2017 Barr Group Embedded Systems Safety & Security Survey. To register for the event, go to http://barrgroup.webinato.com/registration/pid=52571487866632.