Part 2: Exposing information about electronics and software is critical for product security
by Oleg Shilovitsky @ Beyond PLM
Part one by Oleg: Software and Security of Connected Products
The complexity of modern manufactured products raises the question of how to manage the multidisciplinary information they contain: mechanical, electronic and software. The software element has largely been missing from product data and lifecycle management solutions.
It's absolutely critical to expose the appropriate information about electronics and related software while improving product security.
The need to expose more information about vehicle electronics and software
The future of “connected cars” is crashing down on auto buyers in North America and Europe. Modern automobiles are already very complex devices with lots of electronics and software, and they are getting even more complex.
US and European automakers will need to be more aware of the chips they put in their cars, an indication of the growing complexity of car electronics and its connection to cybersecurity-related issues. I found the following passage interesting [Forbes article]:
"With the modernization and electrification of vehicles, electronics as a percentage of the BOM of the car has skyrocketed. This will only become a higher percentage as piloted and self-driving vehicles start to become more commonplace. Up until this point, silicon brand and security hasn’t really mattered all that much as long as the functionality was there. As a result, vendors simply implemented whatever met the utility, was more cost effective, and what passed regulatory rules."
Connected products are exposed to potential problems of software (including open source).
Smart products are bringing a new level of complexity everywhere. It starts with engineering and manufacturing, where you need to deal with complex multidisciplinary issues related to the combination of mechanical, electronic and software pieces. The last one is a critical addition to product information. Each bill of materials (BOM) has to cover not only mechanical and electronic parts, but also software elements.
Another aspect is the operation of smart products. Because these products are connected, operating them means dealing with software, data and other elements that can easily turn your manufacturing company into a web operations facility with servers, databases, etc.
As soon as devices depend on software, the problem of software component traceability becomes critical. Configuration management and updates are a starting point. But it quickly comes down to security, which is already very critical today.
"How secure are your open-source based systems?", a recent GCN story, speaks about some of the problems of security in open source software. Here is my favorite passage:
“According to Gartner, 95 percent of all mainstream IT organizations will leverage some element of open source software – directly or indirectly – within their mission-critical IT systems in 2015. And in an analysis of more than 5,300 enterprise applications uploaded to its platform in the fall of 2014, Veracode, a security firm that runs a cloud-based vulnerability scanning service, found that third-party components introduce an average of 24 known vulnerabilities into each web application.”
To address this escalating risk in the software supply chain, industry groups such as The Open Web Application Security Project, PCI Security Standards Council and Financial Services Information Sharing and Analysis Center now require explicit policies and controls to govern the use of components.
Smart products are also leveraging open source software. The security of connected devices and smart products is a serious problem to handle. This leads me to think about how hardware manufacturing companies can trace software elements and protect their products from potential vulnerabilities.
The complexity of automobiles, and specifically of car electronics, will increase the demand for sophisticated data solutions to manage each BOM for all major components: mechanical, electronic and software. Underestimating the potential risks of software and not paying enough attention to the management of the software bill of materials can lead to product failures with a high cost of implementation for manufacturing companies.