As debate rages over whether last year's massive blackout in Mumbai was the result of a cyber attack, the issue of addressing cybersecurity has, as has become the norm in recent years, been a prominent part of Embedded World 2021. In October, Mumbai, India's city of 20 million and the country's financial capital, was largely paralyzed by power cuts of several hours during peak working hours. According to a new report by the intelligence firm Recorded Future, its analysis of network traffic indicates hacking activity by the attackers. Ten organizations in the Indian energy sector, including a number of centers responsible for operating the power grid, were targets in a coordinated campaign against vital infrastructure in India.

In the era of the Internet of Things (IoT), if this was a cyberattack as suggested, it is just one example of the potential outcomes of complacency with security and compliance policies. In this article, we look at some of the hardware and software security announcements around Embedded World 2021, from hardware root of trust to security suites, continuous device management, and compliance.

Compliance is a challenge for every IoT organization, especially given that most applications are unique, and formal certification methodologies are costly and time-consuming. This is why the IoT Security Foundation, a non-profit industry association, developed the IoT Security Compliance Framework, enabling organizations to build a self-certification methodology that aligns with the 13 best practices recorded in the UK and Europe through Safe Design Guidelines.

Secure Thingz / IAR Systems Compliance Group

To address this, Secure Thingz, a subsidiary of the IAR Systems Group, has announced its Compliance Package, a suite of tools and training specifically aimed at providing embedded developers with a simplified pathway to build best-practice compliant applications, in line with European EN 303645, the UK and Australian 13 best practices, and the US Cybersecurity Improvement Act (NISTIR 8259). The suite includes a set of pre-configured development tools and security contexts that enable developers to quickly implement key aspects of the guidance, such as using advanced hardware security pockets to protect the information provided. Coupled with these tools is a set of training and support resources that link the functional requirements with the certification requirements identified in the IoT Security Foundation Compliance Questionnaire, ensuring rapid implementation that meets international requirements.

Compliance is a step towards obtaining formal certification from a third party, such as the GlobalPlatform Security Evaluation Standard for IoT Platforms (SESIP) and Arm PSA requirements. By implementing the IoT Security Foundation Compliance Framework, developers align their organizations with best-in-class methodologies, enabling them to meet and exceed evolving industry requirements.

The Compliance Suite provides a set of security development tools that extend the IAR Embedded Workbench development toolkit. It includes the security development tool, C-Trust, as well as a set of pre-configured security contexts for both mainstream microcontrollers and advanced security devices. It also includes a set of training courses that cover safe implementation for achieving compliance and revealing regulatory weaknesses.

Next-Generation Hardware RoT: Lattice Sentry Stack 2.0

In a white paper co-authored by the Cloud Security Industry Summit (CSIS) with the Open Compute Project (OCP), CSIS said: “Firmware is a significant threat factor to computer systems, devices, and associated infrastructure. If the first code that is executed on the device is compromised when it is running, then the entire system can and should not be trusted as safe. Firmware can be compromised through malicious attacks or unintentionally.”

To address this, Lattice Semiconductor announced a new release of its Lattice Sentry stack that addresses the rapidly evolving security requirements of current and emerging server platforms by providing an efficient and secure way for developers to rapidly implement improved system and encryption applications. The new Lattice Sentry 2.0 package supports firmware security by enabling next-generation hardware root of trust (RoT) solutions compatible with the NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193) and by supporting 384-bit encryption. With the Sentry stack, developers can add robust firmware security support for system control applications based on Lattice secure control PLDs, and create a hardware RoT foundation to verify the legitimacy of all instances of firmware in the system.

Lattice Sentry 2.0 can be customized inside Lattice Propel (Image: Lattice Semiconductor)

Sentry 2.0 key features include:

Increased security: The Sentry suite of solutions supports the Lattice Mach-NX secure control FPGA and a secure closed IP block that enables 384-bit encryption (ECC-256/384 and HMAC-SHA-384) to better protect firmware against unauthorized access. Support for 384-bit encryption is a requirement of many next-generation server systems.

4X faster pre-boot authentication: Sentry 2.0 supports faster ECDSA (40ms), SHA (up to 70Mbps), and QSPI (64MHz) performance. These features enable Sentry 2.0 to deliver faster boot times that help reduce system downtime and reduce exposure to firmware attack attempts during the boot process.

The ability to monitor up to five firmware images in real time: To extend the RoT to PFR-enabled devices enabled by Lattice Sentry, the stack is capable of real-time monitoring of up to five mainboard components in a system, at boot and during continuous operation. Competing MCU-based security solutions, for example, lack the processing performance to properly monitor many components in real time.
Sequitur’s EmSPARK: Focuses on Arm TrustZone level security

Enabling device protection on devices based on the Arm TrustZone architecture, Sequitur Labs’ EmSPARK Security Suite software aims to enable IoT device manufacturers to easily embed device-level security by addressing technical challenges, supply chain and business processes. Security functions supporting encryption, storage, data transfer, and key/certificate management are delivered by EmSPARK and are placed in a secure environment.

With support from Microchip, NXP Semiconductors, STMicroelectronics, and Nvidia, Sequitur Labs announced a new package of deployment options for EmSPARK: the Basic and Advanced packages. The ‘core’ package provides essential security defenses for IoT applications in a turnkey solution that is easy to install, integrate and manage. Key features in this package include secure boot, firmware updates, hardware failure recovery, and software provisioning. The ‘Advanced’ package provides a full suite of security features and functions to protect devices at all stages of their life cycle. This includes a robust suite of APIs and trusted applications for advanced functions including key and certificate management, secure storage, encryption, cloud integration, and AI/ML model protection at the edge of the network.

Basic and advanced packages with EmSPARK Security Suite (Image: Sequitur Labs)

This article was originally published in sister publication Embedded.