Tactical Network Solutions Affirms IoT Security Standards Must be Built on Universal Secure Coding Practices

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Tactical Network Solutions Affirms IoT Security Standards Must be Built on Universal Secure Coding Practices

There’s a constant rumbling about IoT standards, but little talk on how they must be built.

COLUMBIA, MD: A recent article published on InnovationAus.com discussed the growing demand for IoT standards, specifically as they relate to building smart cities. The piece focused mainly on the need for “interoperability and security protocols to take advantage of truly smart cities potential” and quoted a local official who stated, “‘The notion of creating a framework of trust based on common principles that each of the varying security protocols can adhere, and incorporating smart cities, is part of the highest mountain to climb.’” The piece made fair points on the need for IoT security standards, but like many articles and commentaries that address this realm, it shared little information on how they would be built.

The conversation around security standards often lacks true substance and does not include details, specifically regarding one fundamental element: secure coding for embedded, connected devices. “Secure coding practices – that were used heavily in the past – create the foundation for secure IoT products,” notes Terry Dunlap, Founder & CEO of Tactical Network Solutions. “Most connected devices built today include insecure code, as evidenced by the growing news of hacked and ‘owned’ devices. Many people don’t practice secure coding or talk about it anymore.”

For the conversation about secure IoT standards to have meaning and take shape, it must include:

Discussion about secure coding practicesDefinitions of secure coding practicesUse cases showing both the inclusion and lack of secure coding on IoT devices

The topic of standards is not a new one. Those that are effective and have staying power are specific, clear and embody primary components at the outset. To build useful IoT standards, the IoT and embedded design community must accurately and fully define universal best practices that serve as the foundation for the standards.

About Tactical Network Solutions: Fortune 500 companies and governments around the world come to Tactical Network Solutions for our reverse engineering training programs, firmware evaluations and cyber risk mitigation strategies. TNS discovers hidden attack vectors in IoT and other connected devices using the Centrifuge IoT Security Platform to rapidly conduct firmware evaluations and mitigate cyber risks.


Interested in seeing if you’re firmware is securely coded?

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Tactical Network Solutions
Are you concerned about risky, vulnerable embedded firmware in IoT devices, connected medical devices, automotive ECUs and industrial control systems? You're not alone. Since 2007, Fortune 500 companies and governments around the world have sought out Tactical Network Solutions for reverse engineering training programs, firmware evaluations, and cyber risk mitigation strategies. Clients are excited to leverage our automated firmware evaluations and consulting performed with the proprietary Centrifuge IoT Security Platform. The evals are completed with NO access to source code on compiled images containing a Linux-based root filesystem compiled for either MIPS, ARM, or X86. We also support QNX (a real-time operating system) and Docker containers. TNS evaluations have revealed thousands of hidden attack vectors including erroneously placed private crypto keys, insecure binaries with highly vulnerable function calls and other rampant security holes on embedded firmware. Our community of clients includes firmware developers, underwriters, law firms, governments and intelligence agencies worldwide who share a common goal: to discover hidden attack vectors in IoT and connected devices.
Promoted Content
TNS Issues a Sample IoT Security Report Showing Backdoors in a Connected Device
First, the good news: The extremely high number of connected devices rapidly coming to market has consumers and manufacturers excited. The new IoT devices often include advancements, more effective data collection and greater ease of use. Now, the bad news: When the devices are not built securely, they also bring unnecessary exposure, vulnerabilities, and danger.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?