Product Testing and Cybersecurity
Cheryl Ajluni, IoT solutions lead at Keysight Technologies, a manufacturer of electronics test and measurement equipment and software, says thanks to the IoT, manufacturing is evolving from large-scale production to a MaaS (manufacturing-as-a-service) model, with technologies like 3D printing enabling mass customization. Amidst the myriad benefits of IoT adoption, however, is an intensified need to ensure connected device security.
“As (the) IoT is rapidly making its way into our everyday lives, the importance of security testing becomes even more critical, especially during manufacturing,” explains Ajluni. “In many ways, it’s the last line of defense for the device. If a security vulnerability is not identified during this stage, a product may go into operation only to be promptly attacked by cybercriminals. When that occurs, it can devastate a company and its brand.”
Connected devices are especially prone to attacks because they often rely on end users to change a password before putting them into operation as their prime security measure. Ajluni says end users tend to connect these devices to the Internet before changing their passwords and, as a result, they instantly become vulnerable to an attack. “Security in IoT devices can no longer be an afterthought or an add-on feature,” Ajluni urges. “It must be built into the design, coding, and architecture of every IoT device. Testing throughout the manufacturing process is the only way to make sure every component of the IoT device is safe and secure for consumer use.”
The IoT has also created the need for new types of product testing, since each technology built in to a connected device introduces potential complications. These complications are only avoidable through appropriate precision tests. For example, Ajluni says a radio must be added to a connected device so it can send and receive information, and the device must work within proximity of other devices that are simultaneously sending and receiving information. “Wireless standard-specific testing is therefore essential to ensure IoT devices can operate unimpeded in the real world and without impacting other devices,” she explains. “As new standards emerge with their own unique modulation and interference-avoidance techniques and different technical requirements, product testing will have to be adjusted to ensure adherence.”
The way IoT devices are tested, in some cases, may also change, especially since many IoT devices are small, and connecting to them for the purposes of test is not always possible. “For this reason, testing that takes place over the air, as opposed to via direct physical contact, has emerged as a way to ensure IoT devices are sufficiently tested for defects like missing or wrong components, solder issues, and more,” Ajluni says.
Product security and safety is for the public good, and according to Ken Modeste, director of connected technologies and cybersecurity lead at UL, an independent safety science company, the concepts of safety are being expanded with connectivity. “This means with (the) IoT, safety concepts can now include privacy, securing data, interoperability, takeover of products to perform unintended functions, and possibly economic loss,” Modeste says. “Therefore, product testing needs to consider these additional elements when focusing on the public good. Being able to provide measurable criteria to assess and evaluate interoperability and security, along with safety, becomes an important aspect of product testing.”
The product-testing ecosystem has needed to adjust to accommodate the growing need for connected-device safety. “Being able to have standards that focus on testing and performance based on certain agreed-upon cyber criteria that are measurable, repeatable, and reproducible is a main factor that now needs to be considered,” adds Modeste. “Having the criteria aligned with risk-based methodologies is on the forefront of moving the ecosystem to accept these new innovative products.”
Companies need to secure not only the products they manufacture, but also their factories, which could contain hundreds or even thousands of Internet-connected devices. Manufacturers must consider the possibility of third parties, such as competitors, accessing a network and, with it, trade secrets, like the “recipe” for certain products’ design and manufacture. West Virginia University’s Wuest brings up another concern: the possibility of a cybercriminal changing a part or product design so that it’s manufactured to spec but does not perform as intended.
“Imagine a critical part of an airplane that all of a sudden only has half the strength as originally designed due to a criminal manipulation of the CAD (computer-aided design) data,” Wuest says. “If that part then fails during operation—the plane flying—(it) can cause serious damage and cost lives.”
While the promise of smart factories is compelling, producing safe connected products and maintaining a secure factory environment are two of several challenges manufacturers may face. Many manufacturers may also grapple with integration issues as they adopt IoT systems, since they’re likely to have a number of different systems in place that are of different ages, makes, and connectivity type. Manufacturers may also be hesitate to commit to a system for which they can’t fully estimate the true cost and potential ROI.
“Another factor is the understanding of what data should be acquired through IoT sensors,” says Wuest. “This is a critical point, as on the one hand, what is not measured cannot be analyzed, but also too much sensors and data exponentially increases the effort to implement and operate. And, what we see now is the question: When can we finally ‘delete’ data again? For some processes, such as SLM (service lifecycle management), the data generated per minute is significant.”
From a social perspective, there is also the challenge of dealing with the notion that robots will replace the human workforce—a perception that can be overcome with time and effort on manufacturers’ part. “Manufacturers and employees will need to adapt to a changing workforce, for sure, but it doesn’t have to mean a loss of all human jobs,” explains Keysight Technologies’ Ajluni. “People will still be needed to do the jobs on the factory floor that robots and sensors can’t. Additionally, new types of jobs will be created as manufacturers try and figure out how best to take action from all of the data collected on the factory floor. It will fall to manufacturers to determine how best to repurpose their existing workforce and in what positions.”