- Foundries.io celebrates sixth anniversary, announcing its forecast of trends to the end of this decade
- Embedded device OEMs expected to embrace new development and device management workflows, strengthening end-to-end security to counter growing cyber-attack threats from hostile states or AI technology
- Government programs, including the EU’s draft Cyber Resilience Act and the US’ National Cybersecurity Strategy, are formalizing requirements for OEMs to comply with security standards
Foundries.io today revealed its market outlook for the remainder of the decade, forecasting that government regulation and the risk of market share loss will drive embedded device OEMs to adopt rigorous new practices, ensuring end-to-end security for the life of all products.
The new insights come as Foundries.io celebrates the sixth anniversary of its founding in October 2017, a time when cybersecurity concerns were mostly limited to cloud computing platforms, and embedded application development practices paid little attention to the need for ongoing maintenance and security.
Today, cloud-native application development and AI use cases force embedded developers to take cybersecurity much more seriously. Looking ahead over the next six years to the end of the decade, Foundries.io expects embedded device OEMs to face an increasing number of security threats. The more hostile environment will be stoked by geopolitical tensions and conflict with states that use cyber-attacks as a military and political weapon. The security picture is also made more difficult by the emergence of AI-based software tools that can be used to generate and modify new forms of malware at high speed.
At the same time, according to Foundries.io’s leadership team, the growing use of open-source software (OSS) packages of uncertain provenance provides additional gateways for cyber-attackers to seed vulnerabilities in unprotected embedded products.
In response, a wave of legislation and security standards looks set to come into force, including measures already announced by the EU and US governments: the EU Cyber Resilience Act and the White House and Congress’ National Cybersecurity Strategy. At the same time, consumers’ privacy concerns and a growing awareness of the financial and reputational costs of security breaches will give OEMs a stronger incentive to invest time and money in strengthening their cyber defences.
Foundries.io’s forecast predicts that the embedded device industry will be highly motivated to implement new development and device management practices that prioritise security protection. New workflows implemented from the start of prototype development will allow for functions such as seamless over-the-air (OTA) updating, automatic generation and maintenance of a software bill-of-materials (SBOM) specific to each production unit, and cryptographically verified attestation of the sources of all third-party software packages in a device.
George Grey, founder and CEO of Foundries.io, said: ‘Device security is the defining issue of the 2020s for the embedded computing industry. We are no longer makers of ship-and-forget products: every embedded product in all its many variants needs to be continuously protected for its entire lifetime. The new challenge for device OEMs is to implement a smooth workflow that makes the delivery and installation of security updates to a heterogeneous fleet of devices automatic and flawless.’
He added: ‘OEMs will also need to put in place update and fleet management frameworks that can cope with new and unknown threats, such as the danger to current cryptographic algorithms posed by quantum computers.’
The Foundries.io forecast for the rest of the decade is based on analysis drawn from current customers and from the leaders of Foundries.io’s technology and product development teams. The forecast is being used to direct development of the next generation of Foundries.io’s award-winning FoundriesFactory® platform, and its Linux microPlatform™ (LmP) operating system for Arm® Cortex®-A, x86 and RISC-V® architectures.
New features under development in response to the analysis include tools for automatically attesting the source of open-source software packages, and a new enterprise option for OEMs to own a maintained DevSecOps backend which includes a secure air-gap update and secure OTA infrastructure.