Let’s say you’re a business leader and you must oversee the construction of a cutting-edge skyscraper that will become your firm’s new headquarters. Lacking a background in construction or architecture, your next step would likely be to enlist an architecture firm to help manage the project and create a custom building that can meet your organization’s needs.

In many ways, enterprise and industrial IoT projects are similar: They demand an architect with the experience needed to transform an array of disconnected technologies into a connected solution to a given problem. It’s no wonder that organizations with such a designated architect have a much higher IoT success rate than those without one. A 2017 Gartner survey reported that 76 percent of its clients with such a role felt prepared in tackling their IoT projects. For organizations that didn’t, the figure was 31 percent.

In a similar vein, Korea Electric Power Corporation (KEPCO), South Korea’s largest utility, has enlisted the help of Arm to jointly architect large-scale smart grid technology use cases. In the arrangement, Arm is providing Mbed IoT software and device management, hardware intellectual property for the Cortex-M33 processor, platform security architecture and consulting services. “They’re in the process of designing their next-generation smart meters, and we are helping them figure out what’s the right combination of processors, modules, security elements and so forth,” said Hima Mukkamala, senior vice president and general manager of IoT Cloud Services, Arm. “We work very closely with them on designing the architecture based on their requirements. It’s a pretty deep engagement with them.” That collaboration has Arm and Kepco teaming up for a collaborative development that spans from chips and hardware to the cloud. “We are not just saying: ‘This is our solution, go use it,’” Mukkamala noted.

The multi-year, end-to-end collaboration assigns Arm program managers to help KEPCO keep to their deployment schedule, while also assisting the utility in finding the ecosystem of partners it needs for the project. Arm is also working with KEPCO to ensure that their smart grid technology project can scale and deal with increasing heterogeneity of devices, connectivity options and protocols that can be added later.

Arm is also assisting with device management and ensuring that sensitive data gathered from the smart grid technology project doesn’t end up in the wrong hands. “The data cannot leave the country. It cannot leave the data centers,” Mukkamala said.

Security of KEPCO’s smart meters had become a growing concern as it plans on deploying some 20 million smart meters. “As part of our digital transformation project, smart utilities provide us with opportunities to increase efficiency, deliver better service to our customers and enable new use cases, but we also must ensure we’re delivering robust security,” said Dong-Sub Kim, executive chief technology officer for KEPCO in a statement.

To that end, Arm is working with KEPCO to further a multi-layered, defense-in-depth security strategy, which includes Arm’s end-to-end approach Platform Security Architecture. “PSA is one example of where we are trying to take what we’ve done over the last 25 years in terms of understanding security from different layers starting all the way at the bottom of the actual physical IP and then take it all the way to the top,” Mukkamala said. “The second aspect of it is ensuring that there are secure elements available for managing these devices. We can securely provision the credentials, the firmware updates and have a place on the modules that runs securely.”

Another aspect to Arm’s approach to help secure the KEPCO smart utility project is time. “Because we worked closely with manufacturers, we’re able to make sure that security becomes integral in all these stages of a device,” Mukkamala said. “You got to make sure even when the devices retired, it's still secure and that no one else is using the credentials for them.”

In the end, the security level of the project needs to scale as the project grows and regulatory-related security requirements increase. “When they came to us, one of [KEPCO’s] biggest asks was to help them increase the level of security over time. If you look at what governments accepted for security two years back, it’s not the same now, right,” Mukkamala said. As awareness grows of the potential threat of breaches to connected industrial and enterprise devices, more organizations, attorneys and lawmakers are working to hash out security-related guidelines. “I joke about this. I’ve spent more time with legal folks in the last year, more than my whole life because lawyers are becoming an integral part of cybersecurity and privacy, especially with things like GDPR coming,” Mukkamala noted. “Everything is becoming much more critical in terms of enterprises protecting their end customers.”