Issue link: https://resources.mouser.com/i/1516458
Mosel says. "Also, make sure that the components in your products are registered for vulnerability monitoring. That way, if you become aware of vulnerabilities, you can inform your customers." Devices also need to have a secure mechanism for updating applications and firmware. "You must have a secure software-update mechanism so that you can check updates or changes with code signing," Mosel explains, noting that this step is also important for protecting your intellectual property because most of a device's functionality is driven by its software and firmware. Another important part of developing secure products is ensuring that you have a secure supply chain for components, which involves evaluating the cybersecurity practices of suppliers and testing their components, particularly microcontrollers and sensors. In the case of microcontrollers, evaluate the strength of their on-board encryption to verify that it is adequate for your application. "Supplier agreements should have cybersecurity clauses to make sure that suppliers are bound to certain standards. Then, of course, you also have to test key components," says Mosel. Ensure secure installation. Onboard devices so that their unique identity is recognized and becomes the basis for communications with that device. In addition, change any passwords at the time of setup and enable the minimum level of functionality required for a device to perform its essential tasks. If you are installing devices in an environment that includes many IoT devices, consider a separate IoT network for those devices. Controlled access to that network is imperative, with no connection to the network that business systems use. "Secure installation is a key part of securing IoT devices," says Mosel. "Even if the products are secure, installing them insecurely on an open network leaves them exposed." " Follow standards for architecture and design as well as secure coding. Conduct threat assessments and penetration testing. Plan for data protection from the very beginning." 25