Close

Cyber security in embedded SW design

Is it possible to create internet of things systems that are state-of-art in cyber security? Or IoT devices that are painfully hard to hack by cyber criminals and hackers? One thing is for sure: it is almost impossible to add security afterwards; security must be taken into account in the beginning of the product development project.

Create a security model for the product. Understanding your key assets and threats are core issues when creating the security model of your new product. Creating a security model means designing the security controls in such a way that identified threats are mitigated and the attack surface is minimized. These are the core principles of security by design.

 

Security by Design and DevSecOps

 

At Etteplan the security by design principle is taken seriously. For instance, threat modeling with help of a security expert helps our development teams identify the threats and design the proper mitigations. Threat modeling and other security tools and methods make products secure enough to be part of safety critical systems.

We call our process as DevSecOps (Read more about DevSecOps). Security is everyone’s responsibility and it is embedded in our R&D process.  The value of our service is that the customer doesn’t need to worry about cyber security when the product is ready.

 

Fuzzing is fun and the HW debugger is our favorite tool

 

One concrete practical example of our core competencies in cyber security is negative testing, e.g. fuzzing with the Bluetooth protocol. Fuzzing is one of the most effective ways to find 0-day vulnerabilities in the latest IoT protocols for instance. Read more about fuzzing here.

Also, passion for work with hardware, e.g. playing with oscilloscopes and different HW debuggers, makes our people superb hardware hackers!

 

Reading tip

 

A good read for understanding secure software development is Ficora’s (Finnish Communications Regulatory Authority) ’Turvallinen tuotekehitys’ guidelines: https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/publication/Turvallinen_tuotekehitys_003_2018J.pdf 

Harri Susi

Harri Susi

Team Leader, SW testing & Cyber security specialist
+358 10 307 2736
Ask Harri Susi a question or challenge us
When you submit this form, our specialist will be in touch with you by email or telephone. By submitting the form you accept our Privacy Policy.

More stories you might like

Contact us
Harri Susi
Harri Susi
Team Leader, SW testing & Cyber security specialist