Addressing the unique cybersecurity challenges facing the Linux community
In this conversation, the CEO of Foundries.io, George Gray, discusses the challenges of cyber security in Linux devices for IoT. He explains that Linux devices tend to be more complex and have more functionality than other types of IoT devices, which means that there are more attack surfaces for security vulnerabilities. However, the benefit of using Linux is that it has access to a large ecosystem of software and applications. In order to create security, the devices need to be secured all the way down to the root of trust, which can be complex in some of the big SOC (system on chip) devices.
Gray also points out that even if a device has a secure connection, such as TLS or HTTPS, it doesn’t necessarily make the device secure. This is because the device can be running software that the manufacturer didn’t intend, and it can also have a virus. To properly secure an IoT or edge device, the manufacturer needs to make sure that the device is running the software that was shipped with it, and this requires things like secure boot and certification. Additionally, updates for the device must be secure, as this is another threat for somebody to update the device with something that the manufacturer didn’t want.
Gray also notes that from a legislative standpoint, it is hard for manufacturers to keep up with the ongoing legislation in different regions around the world, such as the US, Europe, and Asia. This legislation is requiring manufacturers to make their software updatable through the product lifetime, as exploits can happen that could not have been thought about when the product was first designed. Additionally, manufacturers need to be able to update all of the software on the device, including the operating system and firmware, in order to keep the device secure.