More than one in five designers of embedded systems admit they hardly pay any attention to the security of their internet-enabled embedded systems products, according to a study from Barr Group.
The report, Barr Group’s 2017 Embedded Systems Safety and Security Survey, uncovered what was described as ‘alarming’ and ‘dangerous’ information about the state of embedded systems design.
Nearly 28% of the more than 1,700 qualified respondents (50% from North America, 27% from Europe, 14% from Asia, and 9% from other geographies) directed towards the fact that products currently being designed by them are capable of causing injury or death to one or more people in the event of a malfunction. Of these products, nearly half will mostly be connected to the internet, as anticipated by the respondents.
It is well known that any computer connected to the internet, including medical devices or embedded systems, are likely to be attacked through hacking; data breaches reached their highest level yet in 2016. Yet in spite of this, 22% of embedded systems engineers working on internet connected safety-critical products did not believe security as their requirement list for the product.
Michael Barr, Barr Group CTO, said: “This is dangerously inadequate planning that puts all of us at greater risk. When safety-critical devices come online, it is imperative that the devices are not only safe but also secure.”
Survey findings also revealed that of the designers working on safety-critical projects that will be connected to the internet. 19% admitted they do not follow coding standards, 36% use no static analysis tools, and 42% conduct only occasional code reviews.