Eurotech explains why “security by design” must be at the core of every IoT deployment
When it comes to the Internet of Things (IoT), good cybersecurity practices aren’t just an optional extra, like buying a fancy case for your new smartphone. They need to be built into connected devices from the ground up as a fundamental building block.
Few companies in the space understand this better than Eurotech, one of the most trusted and leading enablers of Industrial IoT solutions.
Recently, Eurotech’s Edge Gateway ReliaGATE 10-14, integrated with the software platform ESF, joined a small, elite group of products to achieve both IEC 62443-4-2 and IEC 62443-4-1 cybersecurity certifications. In doing so, it provides a simple and safe foundation for IoT connectivity, and enables computing and AI deployment at the network Edge.
Paul Chawla, CEO of Eurotech, spoke with us about why his company is so deeply invested in what he calls “security by design.”
In lay terms, can you explain the significance of the IEC 62443-4-2 and IEC 62443-4-1 cybersecurity certifications?
IEC 62443 is a series of internationally recognized standards that specify the process and product requirements for the secure development of Industrial Automation and Control Systems (IACS). We try to show our customers that not only do we have technical skills, but that those technical skills have been applied to a secure development process, to secure the lifecycle of the products that we make, and with third-party assessments of those skills.
The IEC 62443-4-1 certification specifies process requirements for the secure development of products, ensuring the highest levels of cybersecurity throughout the whole product and application lifecycle. Achieving this certification confirms that Eurotech’s integrated solution is developed with a “cybersecurity by design” approach and has embedded security best practices in its DNA, ensuring safety at every stage of the product lifecycle management, including vulnerability response assessments.
The IEC 62443-4-2 standard addresses the security of the components (hardware and software) that must be integrated into industrial automation and control systems. So, starting with certified components, system integrators and asset owners can extend the certification to the application level. An important concept highlighted in this standard is that of “hardening,” which implies that devices and software must integrate specific security features to ensure a further level of protection against cyber-attacks.
Why is cybersecurity accreditation overall so important?
The biggest obstacle delaying widespread deployments of IoT is cybersecurity. To give businesses the assurances they need that their deployments will be safe from attacks, all vendors and manufacturers of IoT or Edge computing hardware and software must strive to achieve the most prominent security standards. Only when organizations are confident that they can connect their valuable assets and products safely and reliably will we start to see a wider rollout of IoT deployments across sectors.
Earlier, you mentioned cybersecurity by design. What is the significance of the “by design” part as opposed to approaches to instituting cybersecurity?
Our solution is designed with cybersecurity best practices embedded in its DNA, meaning operators can rely on a safe and protected environment throughout the whole product lifecycle. Our products are designed with security at the core rather than as an afterthought or as a “nice to have.” Hardware by itself can be safe. Standalone software can also be classified as safe. But in our case integrated hardware with software means that one plus one is more than two. This combination by design brings higher value and security.
What are the big cybersecurity threats you’re helping to defend against?
Cyber attacks are becoming increasingly sophisticated, and the increasing number of devices deployed in IoT applications have become potential access points for hackers.
Our secure devices help users defend against botnet software, ransomware attacks, spyware, Trojans, viruses and worms, and a host of other threats at all levels, from hardware-level security to Edge software and Edge-to-Cloud communication to Cloud platforms.
Do you think the approach you’re taking will become standard for IoT devices everywhere? How long will this take?
I think we are in a transition phase. Just as with every change, we see companies that are waiting and seeing where things are going, and they don’t want to be early adopters. It is up to the tech sector to champion a standards-based approach to security in IoT. Achieving accreditations takes commitment and time, but the threat of increasingly sophisticated cyber-attacks is driving demand for these standards, so hopefully we’ll start to see others taking the security of their solutions as seriously as we do.
How advanced is users’ knowledge when it comes to cybersecurity as it relates to IoT and Edge computing? Is this something being demanded by customers yet, or are you proactively dealing with a threat that isn’t on most people’s radar yet?
We see different industries and different customers with different levels of maturity and understanding of the IoT security problem. We see that 90% of the decision-makers deployments are not safe and actually hold up their IoT digitalization process because of these security concerns. So they do realize it’s a problem. But they do not necessarily, especially coming from the OT space, have the in-house expertise to address it.
The IoT ecosystem of products can be complex. By gaining these accreditations we’re offering our customers the reassurance they need that our solutions are secure.
Of course, there will always be those users who realise there are vulnerabilities in their system only when it’s too late. Our aim is to educate the market that a security-first approach should be adopted when planning a new deployment.
Born in London, after graduating in Nuclear Engineering at the Polytechnic of Turin, Paul Chawla embarked on a brilliant career of 27 years in the automotive components and advanced electronics industry, holding leadership positions in several countries (Italy, UK, Switzerland, Germany, India, the Netherlands and the United States), managing global growth strategies with international business and teams, and products with various technological contents. In 1999, after three years at the FIAT Research Centre in Turin and three years in England at Rieter Automotive, Chawla joined Johnson Controls (a multinational company listed on the NY stock exchange), where he held roles of increasing responsibility: from product development to business development, sales and general management, until becoming CEO of JC India in 2010. In 2014 he joined Sensata Technologies, a listed company and world leader in the production of sensors and SW for the Industrial, Transportation, Healthcare, Aerospace and Energy sectors, initially in the role of Managing Director Europe & Latin America and then becoming global head of the automotive business in 2018, where he redesigned the development strategy and growth by external lines, implementing an agile, fast and innovation-oriented organizational model.