David Hughes, founder and CEO of HCC Embedded, talks with Steve Rogerson in our series of interviews for CIEonline.
Dave Hughes founded HCC Embedded, a developer of re-usable embedded software components, in 2000. The company now supplies many of the industry’s major technology providers. Hughes is a hands-on embedded specialist, who still actively contributes to the strategy and direction of HCC’s core technologies. His experience has made him one of the industry’s leading authorities on fail-safe embedded systems, flash memory and process-driven software methodologies.
He has gained a broad range of engineering expertise over a period of nearly 30 years working on various embedded systems, beginning as a firmware engineer for Mator Systems, from 1985 to 1993. He began his career writing embedded protocol convertors in 8051 and Z80 assembly language for many protocols including Serial, X.25, IBM2870/3270, ISO and TCP/IP. He has held several firmware management and consulting positions in the networking, communications and industrial automation markets, including firmware team manager for Specialix Systems from 1993 to 1997, followed by consulting in the embedded industry for two years, and then as a firmware manager with Age from 1999 to 2002. His specialties include CAN, DeviceNet, PPP, Profibus, SNMP, TCP/IP and remote serial protocols. He is a graduate of the University of Sussex in England.
In addition to spending time with his three young children, Hughes enjoys paragliding – he has flown all over the world including the Sierra Nevada, French Alps and Himalaya mountain ranges. He is also an avid cyclist, mountain and road, and likes to think about challenges in the embedded software industry while commuting by bicycle to work every day.
1. High profile software failures are giving the industry a bad name; what is going wrong?
There are different areas and different problems. But there is a lot that is going right – aeroplanes, nuclear reactors and so on are incredibly reliable and that is no accident. There are bodies that define the software for these industries. This is the same for automotive. In the Toyota case, they didn’t follow the guidelines. It was designed to very poor standards. Clearly, the standards were not followed from a software point of view.
If you look at security failures, they are all in industries that don’t have standards for product development. Security applies to simple IoT devices that are not controlled by standards whatsoever. So when OpenSSL released the version with the bugs, it was loaded though nobody knew what quality of software was needed to keep their customers secure. They took a piece of free software and used that to protect our data. They have no defence for doing that.
The security issues are there for any device connected to the internet. An exercise bike could have software connected to the internet to keep information about your health and you may think that does not need to be secure. But it could give people access to data on your health or, say, on the health of the England football team. The trouble is there are no dedicated vertical bodies looking after security because the market is not vertical.
There is also a trend to devalue software in silicon in the industry. The silicon vendors want to give the software away for free, so there is less money for those trying to develop high-value software for the embedded market. So you get software designed for evaluation that ends up in end products. The whole process does not help the development of high-quality software.
2. HCC recently opened an office in Texas in addition to the office in New York. What are the company’s plans for growth in the USA?
We see the USA as a great market for products developed all over the place. We want to spread the word wherever we go. Being in Texas gives us access to silicon providers such as Freescale, Texas Instruments, Spansion and Silicon Labs.
We’d love to have an office in California as well; give us a couple of years. But Austin has a better focus for embedded systems. Silicon Valley is more diverse – you have the apps developers and others that make the area not as focussed on the deep embedded space.
3. What are the security dangers with smart metering?
There are several aspects. The meter companies want a tamper-proof system that nobody can reverse engineer. You need the necessary encryption so nobody can spoof the meter. You have to make sure the code is designed for the hardware with some kind of key exchange, though there are other ways.
Then there is the security issue that you are producing data that are going over public networks and that could be eavesdropped on. You want to protect against that. I am sceptical about the raw value of meter data. But tampering is an issue – someone could increase the meter reading of someone they didn’t like. And any tampering will damage the reputation and they don’t want that. They want long-term reliability.
You can’t attack the rest of the grid from the meter. They are, though, connected over public networks, so you could get access anyway, but they keep grid management completely separate from this.
You don’t have to worry about someone hacking a single meter. What you don’t want is a general way of getting to the software. If each is individually encrypted, if you hack one meter, you haven’t hacked all meters. But never underestimate the lengths people will go to to do this. You have to make it hard work so it can’t be done en masse.
4. Why do you like flying over mountains?
They are beautiful. It is a challenge, both a mental and physical challenge. I started paragliding in 1996. I loved climbing mountains but I didn’t like walking down them. One of my highlights was flying over the Himalayas when eagles joined me. There were about eight flying beside me. And then they suddenly dispersed and then I hit bad turbulence that forced me down, so they clearly knew more about what was happening than me. So when I started going up again, they joined me again, and when they dispersed this time I moved as well to avoid the turbulence.
I haven’t done it now for about a year due to family commitments, but I’d like to get back to it soon. It takes up a whole day, because you have to sit around waiting for the weather to be right. These days I go mountain biking because you don’t have to wait for the right weather.
5. You are exhibiting at Embedded World again. What do you get out of shows such as that?
Every time you walk away from Embedded World, you feel there are huge amounts of things you want to do. You walk away feeling excited. Just about all the embedded industry is there and it is a great buzz to talk with all those people about what is going on. It is a great place to catch up. We do customer meetings but the best part of it is the industry getting together and a chance to catch up with people. I have conference calls all the time but the only way I get to meet them is Embedded World.