8 hours 10 minutes
Hi, I'm Matthew Clark. This is Module five. Secure development. Congratulations. We've completed module four. This slide shows our progress towards our certificate of completion.
Let's begin our new module with less than 5.1 product design hardware, part one. In this lesson, we'll take a look at hardware development, different considerations for it, and we will introduce the product development process. So let's get started.
The software and hardware industries exist in a symbiotic relationship with each depending on the other, for reason to exist. Silicon ships are useless without software, and software can only perform as well as the capability of the underlying hardware.
Although they exist together, both are separate industries with different characteristics.
The hardware industry, for example, is much more regulated. If you take the cover off Oven Elektronik device and look at all the white stamps and printed on the board, you'll see a variety of different things. For example, electrical safety in the US This is typically managed by the U L standards,
and those test for issues like fire and shock and overheating,
such as batteries. We've seen in the news where lithium batteries caused fires in the Department of Transportation has restricted the transportation of those
E M i and R F testing in the U. S. This is based on the FCC regulations. The products may intentionally are unintentionally emit EMR electromagnetic radiation
and that might interfere. Interfere with other devices such as a pacemaker, or there may be hazardous to the health. In other ways,
environmental regulations is something else to consider. Both Europe and California have really strict environmental regulations,
or you could have voluntary standards like the energy star rating that you want your product to comply with.
The type of product can also impact regulations. For example, if your product comes in contact with food in the U. S, it must be regulated as a food grade. Three. FDA will mandate what materials can come in contact with food.
So if you have a nyo T device that's going to be used with food, you'll have all these additional regulations to consider in your risk assessment.
And the types of regulations tend to make hardware manufacturers a little bit more risk adverse.
Where is the software industry does have regulatory concerns
as well. The recent privacy laws, such as the G, d, P. R and the California privacy law are making software developers consider different dated design requirements that they haven't previously,
and their industry specific regulations that DR specific requirements such as HIPPA and healthcare in G B L A. And socks in the finance sector
and developers have to be careful about what types of technology could be exported. For example, encryption source code, um, is prohibited from being exported in many countries because it could be used by terrorists,
and licensing and use of intellectual property are also large areas to consider.
So in this lesson, we're gonna take a look at some of the issues related to the hardware development side.
Welcome to hardware development 101
And this is not like software development, where you can quickly make a change with a few lines of code
in hardware, something doesn't work. You may need to make a change to the printed circuit board or in scrap a bunch of previously printed boards. And it's not always the fastest method to correct issues, especially when you get into production.
Hardware development has a direct correlation to software development. Hardware changes can affect software development when you take the C s s P class, the S D L C. Is just drilled into your head. For example, Waterfall versus Agile.
But you don't want to do software development if the chips said or memory is going to change, because the change in the physical world will have a direct impact in the software world.
And this means that software development could be out of sync with the hardware development. So if one team experiences a lag and hardware development, there can be pressure. And for another team to hurry up the software development to catch up to where the hardware development is.
And rushing development always tends to lead to security problems.
So let's break down the hardware development there. Silicone and these were the microprocessor chips on. There's a lot of considerations for silicon chip sets that have nothing to do with security capabilities when choosing chip sets. The first consideration, quite frankly, is meeting the capability requirements,
and then it's cost. Or it could be the opposite, where cost is really the only consideration.
I just think about what we discussed in module for every choice when it comes to the chips is gonna have different implications
when you consider the PCB fabrication. The printed circuit board, the O. E. M. Might design the PCB internally using something like Autodesk Eagle or Solid Works PCP. Or they may hire an outside contracting firm to do this. If the ODM expertise software instead of hardware,
the components are gonna be sourced from different vendors,
and silicon is gonna come from one source and other chips will come from different sources
and a contract manufacturer maybe hired to assemble and build the PCB. Using all those components,
and you'll have to consider the device manufacturing.
You have to design and build the device case we're using injection molding process, and there's different considerations with that.
Remember, in a previous lesson when we talked about how even the design of an internal antenna can have an impact on communication, depending on how it's placed within the device and how the device is held,
and sometimes you may use a contract manufacturer,
there's several key risk associated with that decision.
Device identity has to be injected safely. The OM has to protect the encryption keys. The sip so has to ensure the intellectual property is protected and make sure their product overruns are limited.
And there are many opportunities within the design and manufacturing process where secrets are not so secret. So a lot of security related decisions need to be to be made then
and in assembly someone has to put the final product together. And of course, we have quality testing. You have to build a process that test the product, and I've heard that manufacturing. Sometimes it seems like you're designing and building two things at the same time. First, you're designing building the product, and second, you're also designing building the building
to properly test that product.
This slide shows that generic product development process, and this illustrates the manufacturing stages from least to most mature, thes stage gates help identify and address risk. It's important to catch flaws early, before thousands and thousands of units air created
in the concept you create an M V P. Minimal, viable product.
Then, as you move through each phase of the process, you encounter different stage gates. And there's three verification tests, for example, the engineering verification tests, the design verification tests and the production verification test.
And the process is not always easy. And there's no guarantee that even if you follow a process all the way to the end that you're gonna have a good product.
If you Google Dyson 51 27 for example, you'll find that Dyson took 15 years and 5127 prototypes before they created the very first model, the D C 01 bag free vacuum. That's 5126 failures
over 5475 days.
That's a failure a day after vacation of holidays.
But of course it was worth it. His net worth in 2020 was $6.3 billion.
Well, that's it for this lesson.
In this lesson, we took a brief trip into the mysterious world of product design. We looked at regulations of common challenges. We discussed software versus hardware development and we explored the product development process. I'll see you next time
Amazon Web Services (AWS)
AWS Test helps to effectively assess the skills of the AWS developers consisting knowledge of ...
ISACA CISM - Certified Information Security Manager
The ISACA Certified Information Security Manager (CISM) practice test from CyberVista helps students to prepare ...