As the growth of the Internet of Things (IoT) accelerates, it has become increasingly important to develop and implement security solutions to ensure that smart networks, connected vehicles, industrial control systems, smart factories and the like cannot be disrupted or attacked by outside actors, whether deliberately or randomly.
As a consequence, many stakeholders within the TIC (Testing, Inspection and Certification) sector are considering how they can develop and integrate the specific services or acquire the technical skills that would enable them to share in this “revolution” in smart objects, and how they can put together a unique proposition to stand out from their main competitors and assert their position in this new domain.
The article below aims to address issues in the functional security field, which is seeing the emergence of specialist pure plays, while major established TIC service providers have already begun to make significant investments.
Major categories of smart objects
According to the GkF Institute and as an example, revenues in the French market for smart objects exceeded the billion-euro mark in 2017, representing 33% growth over 2016, with sales of 5.2 million smart objects. The market was led by the Smart Home Segment (accounting for 57% of the sales with a 42% growth rate), followed by smart large electrical appliances (42% of revenue with an 80% growth rate), wearables (1.6 million products sold, with 66% being smartwatches for 16% growth), drones (460,000 products sold, up 22%) and electronic healthcare products (180,000 items).
However, while smart objects have experienced increasing popularity with private individuals over the last several years, their industrial use represents the true strategic interest for TIC service providers, with explosive growth in connectivity among sensors, robotics, machinery, and industrial systems.
As such, in a factory setting, the Internet of Things (IoT) is now used to track manufacturing and assembly processes via cameras and industrial sensors. Smart objects, which are highly useful in the management of vehicle fleets, are also used to ensure that services such as a peer-to-peer ridesharing or food delivery are managed effectively. In the medical sector, they help to optimise the use and dosage of medication, to prevent some diseases more effectively, and to reduce medical mistakes.
What risks inherently accompany the use of smart objects?
The large-scale deployment of smart IoT tools necessarily raises questions of reliability, vulnerability, and security. A study, which was carried out by HP Fortify in 2014 demonstrated that 40% of smart objects had vulnerabilities that were easily exploitable by hackers or other malicious actors. The rapid growth of the IoT is not without risks, not least because these risks now extend from the virtual into the physical world. In an industrial or professional setting, it has become necessary to implement a protective strategy and to deploy innovative security tools.
To ensure their effectiveness, these tools must not only take the objects themselves into consideration, but also the entire scope of the area that is vulnerable to attack. This includes the physical object, its software, the database, and three distinct target groups: consumers, manufacturers, and developers. The risks that are specific to each area of activity can, therefore, easily be analysed via effective analytical tools.
What is functional safety?
The change in approach triggered by the growth of the IoT raises questions that go beyond the question of the security of consumer data. Faced with rapid changes in technology and operations, environmental and technical risks also need to be taken into consideration. This is the role of functional safety, which aims to ensure that systems remain secure when exposed to random events such as component failure, environmental influences (such as humidity and electromagnetic emissions), loss of connectivity, handling errors, and software failures or defects.
In the context of smart objects, the aim of functional safety is simple: to reduce the risks arising as a result of using these objects through the use of automated security systems. These systems are inherently derived from a holistic approach to consider the system as a whole.
In general, industry has been concerned with functional security for a long time. For example, the IEC (International Electro-technical Commission) published the IEC 61508 standard as far back as 1998 and which, in the field of functional safety, operates as a reference framework for sector-specific standards such as IEC 61511 for processing industries, IEC 62061 for the manufacturing sector and IEC 61513 in the nuclear industry. However, to date, few functional safety standards are applicable to smart objects across the board. Many organisations, such as the IIC (Industrial Internet Consortium) and the IEEE (the Institute of Electrical and Electronics Engineers) are working to close the gap, as are the outcomes of a number of standardisation projects, such as Qualcomm’s AllJoyn interoperability protocol for the Internet of Things. In parallel, a TIC (Testing Inspection and Certification) organisation like UL has launched in April 2016 its own ‘Cybersecurity Assurance Program (UL CAP)’ to help manufacturers demonstrate the level of security of their products and systems.
Functional safety: a strategic growth opportunity for the TIC sector
For a couple of years now some of the preeminent players in the TIC market have been strengthening their offerings by investing in the functional safety market, often organically, and in the cybersecurity market, frequently by making acquisitions, as both disciplines relate to the same industrial security field.
As such, German company Dekra opened a dedicated centre in Malaga, Spain, to test connected cars, while acquiring the Madrid-based Spanish cybersecurity company, Epoche & Espri, in parallel.
As such, a number of leading TIC services providers have accelerated the growth of their cybersecurity practice by making acquisitions: TUV Rheinland acquired OpenSky (US) and Secaron (Germany) in 2014, UL acquired InfoGuard (US) in 2015, BSI acquired Espion Group (Ireland) and InfoSecure (UK) in 2016; Intertek recently acquired Acumen Security (US) and NTA Monitor (UK); and Nettitude (UK) was bought by Lloyds Register in March 2018.
In parallel, some specialist functional security company have benefited from the thriving market to emerge as market leaders, including Vector Consulting in Germany, kVA or Exida in the US and Engineering Safety Consultants or FSES in the UK.
As for cybersecurity, the explosion in smart objects places functional security again at the heart of manufacturers’ and users’ concerns but also high up on the list of priorities for the main providers of TIC services to strengthen their strategic positioning. The discipline itself is not new but it is a potential source of significant growth for the foreseeable future.