Issue link: https://resources.mouser.com/i/1520713
Beyond the Wires 4 I oT technologies make it possible to detect, monitor, measure, track, and control almost anything, almost anywhere, bringing new opportunities to create innovative services. IoT applications can significantly improve access to high-quality healthcare, enhance comfort and convenience in everyday life, help to manage infrastructures and resources efficiently, and enable businesses to improve safety and productivity. On the other hand, many IoT devices handle data that should be kept private, such as network-access credentials, personal information like health data or financial details, intellectual property, and intelligence about business assets. As IoT devices have become more ubiquitous and pivotal in running everything, from home security cameras to smart cities and the smart grid, security specifications and standards have evolved, credible certifications have emerged, and best practices have been defined that are appropriate to their needs and work within the typical constraints on power, processing, and memory. Prominent examples include the Security Evaluation Standard for IoT Platforms (SESIP) created by GlobalPlatform—a technical association of industry experts—as well as the PSA Certified security framework and evaluation scheme created by a consortium including Arm, software developers, and well- known independent testing organizations. Historically, the rewards for producing demonstrably secure equipment have been reputational: highly regarded products and services win market share. But changes are afoot. New regulations are coming forward in territories worldwide that oblige device makers and solution developers to implement proper security. It's a great opportunity for responsible product developers to encourage greater adoption of IoT technologies in consumer and industrial markets by delivering superior security solutions. Toughening Security Stance New European legislation, in effect now and due to become enforceable by August 2025, mandates compliance with sections of Article 3.3 of the Radio Equipment Directive (RED) that cover cybersecurity. Specifically, these are sections 3.3d, e, and f. Section 3.3d calls for features to prevent harming communication networks or disrupting services. Section 3.3e covers personal data and privacy protection and requires measures to prevent access or transmission of personal data. Section 3.3f focuses on fraud prevention through features such as user authentication controls to protect electronic payments and monetary transfers. The legislation applies to devices that can communicate over the internet, whether directly or via other equipment, and equipment that may expose sensitive personal data. End users' attitudes towards device security are also changing. The PSA Certified 2022 Security Report noted that consumers have become more likely to check for security than to focus only on cost and features. Secure IoT Connectivity: Design to Meet Forthcoming Cybersecurity Legislation Nathalie Vallespin, Product Line Manager Connectivity STM32, STMicroelectronics