12. A common mission drives us forward: Making the IoT secure

When we speak about making the IoT work, we should always include one essential cornerstone: making the IoT secure. Finding ways to protect sensitive data, intellectual property, and personal privacy is paramount for smart technologies and devices to get adopted widely. However, IoT security is too often overlooked when people start thinking about innovative solutions. With our ecosystem partners we do our best to create trust in the digital world. In this episode we welcome Günther Fischer as guest. Günther works as a Senior Licensing and Protection Consultant at WIBU-SYSTEMS, an innovative technology leader in the global software license entitlement market. And together, we have made it our mission to make the IoT secure.



Transcirpt

Guest: Günther Fischer, Licensing and Protection Consultant at Wibu-Systems
Date of publication: 02 May 2022

Moderator:

The potential of the Internet of Things is well known. But how do we actually implement it? How can people and companies benefit from it? In this podcast, we meet experts from infineon, partners and customers who tell us how it can work and what it takes to Make IoT work. My name is Thomas Reinhardt, I am your host, and I am excited to have this great opportunity sharing this podcast with all of you.

When we speak about making the Internet of Things work, we should always include one essential cornerstone: making the IoT secure. Finding ways to protect sensitive data, intellectual property, and personal privacy is paramount for smart technologies and devices to get adopted widely. However, IoT security is too often overlooked when people start thinking about innovative solutions. Yet we all know: Security is key. To make it really work, the IoT has to be secure.

With our ecosystem partners, here at Infineon we do our best to create trust in the digital world so users, enterprises, and organizations can rely on and at the same time unleash the full potential of the IoT, by having the confidence that their personal data, sensitive information, or industrial IP remains safe and unaltered.

That's why I'm delighted to welcome my guest today, Günther Fischer. Günther works as a Senior Licensing and Protection Consultant at Wibu-Systems, an innovative technology leader in the global software license entitlement market. And together, we have made it our mission to make the IoT secure. Günther, great to have you here today.

Fischer:

Thanks so much for inviting me. It’s great to join you today.

Moderator:

Supply chain attacks, AI-based spear phishing, and hybrid work - the cyber threat landscape remains tense. Cybercrime-as-a-service is becoming a common business model and attack tactics are evolving almost by the minute. But most people think that embedding security into systems designs is a very complex thing to do. Everybody sees the importance and the need for it, but: How can we support our customers and make their life easier?

Fischer:

As I see it, in order to support our customers with their security concerns, it won’t be enough to offer a high-quality, comprehensive holistic portfolio of products and solutions. At Wibu-Systems, we also know how important long-term and reliable relationships with our customers, distributors, and ecosystem partners are to ensure optimum results for all players. We can only create groundbreaking innovations for the Internet of Things if we work together – and that also goes for making it truly secure.

Our partnership with Infineon is a wonderful example for this. We’ve been working together for a decade now, united by the ambition of guaranteeing security and privacy in embedded systems and creating trust and confidence in the opportunities of the IoT. Together, we are providing the security solutions that fit our customers’ needs. That means: The right level of security without compromising on ease of use.

Moderator:

And what exactly does this cooperation look like? What solutions do we – Wibu-Systems and Infineon - offer?

Fischer:

Our mission is to deliver the most secure, unique, and highly flexible technologies to software publishers and intelligent device manufacturers. We have developed a suite of hardware, software and cloud-based solutions dedicated to protecting the integrity of the intellectual property included in all sorts of digital assets. Our product portfolio supports a wide variety of target systems that includes personal and industrial computers, embedded systems, IoT and IIoT devices, mobile units, PLCs and microcontrollers, with a look at SaaS systems and virtual environments as well.

As software has become ubiquitous, over the years, we have broadened our focus to address the needs of not just B2B software publishers, but also the actors playing a key role in industrial automation, healthcare, and finance. With a vocation to provide the makers of connected devices with industry-grade units, we have powered our entire hardware product line with Infineon's SLx 97 security controllers, which prove to be an excellent choice for data security and the integrity of computers and embedded systems in smart factories.

We also integrated the embedded variant of CodeMeter - our flagship solution for software protection, licensing, and security - with Infineon’s XMC4000 industrial microcontroller family. Software developers for FPGAs and microcontrollers can now protect their application code and intellectual property against reverse engineering and implement license control systems.

Moderator:

That sounds like a great and successful collaboration for all parties involved – especially for our customers. I would like to come back to the topic of industrial automation and smart factories. Let’s discuss it in more detail. Many manufacturing companies are adopting Industry 4.0 technologies – but not without facing challenges. In your opinion, what are the major hurdles in developing smart machines and devices to make the Industrial Internet of Things work?

Fischer:

One issue that comes up more frequently than others is the security risk. The physical and digital systems that make up smart factories enable real-time interoperability - but they also create potential for an expanded attack surface. When numerous machines and devices are connected to one or more networks in a smart factory, a weak point in any one of them can leave the entire system vulnerable to attacks. To counter this problem, companies must identify the weaknesses in enterprise systems as well as machine-level vulnerabilities. Honestly, they are not fully prepared for security threats of this type.

Moderator:

So, establishing the necessary security level is one challenge. What else?

Fischer:

One of the biggest challenges - and this was already identified back in 2019 by ENISA, the European Union Agency for Cybersecurity - is still ensuring interoperability between different devices. The lack of interoperability is often related to specific proprietary protocols used by Industry 4.0 devices. When you use devices and platforms from different manufacturers, ensuring interoperability is not always possible. However, the concept of interoperability refers not only to communication protocols or different application frameworks. In the complex supply chains of Industrie 4.0, people are beginning to speak about security interoperability, which means common security foundations across all platforms, devices, protocols, and frameworks. The weakest link can have a detrimental effect on the entire chain. So ensuring a single common cybersecurity layer for all of these elements is a major challenge. 

Moderator:

And how can we help solve this challenge?

Fischer:

Again, a great example is an association of companies - in this case, more than 90 members who are experts in Industry 4.0 products and solutions: The Open Industry 4.0 Alliance. This alliance acts as a partnership of leading European industry players who participate in implementing cross-vendor Industry 4.0 solutions and services for manufacturing plants and automated warehouses. The products and services developed by the members can easily be integrated into their customers' operations. This helps propel digitization and the digital transformation of operators' production facilities, company branches and warehouses, with a sense of purpose.

One important milestone will be the upcoming edition of Hannover Messe end of May, where the Alliance will present its 'Open Industry 4.0 Alliance Community App Store'. The app store contains hardware-independent apps suitable for industry.

We are currently working with the Alliance to implement copy protection and protection against reverse engineering for container-based apps - a very exciting topic that will also be part of our exhibit.

Moderator:

That’s a great example of how we are working together to make the IIoT not only real and easy, but also secure. What else is there to expect in the future?

Fischer:

As you know, our motto is "Perfection in Protection, Licensing, and Security". Because that is what creates trust. Trust holds the fabric of our society together, but trust is also the most fragile and perishable commodity we have. Modern industry is so highly interconnected and complex; the question of who and what to trust has become the one to determine the success or failure of our digital future.

And again, we have teamed up with well-known partners for this, including Infineon: The VE-ASCOT project was initiated to develop a dedicated Chain of Trust platform for the highly sensitive field of semiconductor component production. Semiconductors are just everywhere in modern life, so tampering with their production would allow attackers to target virtually every aspect of our economy, society, and politics.

As part of the German federal ZEUS Trusted Electronics Initiative, VE-ASCOT contributes to our vision of technological sovereignty by strengthening and securing this critical area. It does so by linking the electronics value chain to another, more durable and reliable chain of trust. In the end, it’s about true security by design.

Each link or "record" in the proposed chain of trust represents part of the component's identity. We use cryptographic methods to ensure their integrity and authenticity throughout the product lifecycle.

Moderator:

It's impressive what we can achieve together. Thank you very much, Günther, for these insights into the projects we are working on together, for more secure smart factories for our customers, and for a more secure IIoT in general.

This brings us to the end of this episode. Dear listeners, for more information, please visit infineon.io. We will publish the next episode soon. Until then, take care and goodbye.