Art Swift, President, prpl Foundation
In the last blog post, I discussed how regulators are increasingly setting themselves on a collision course with consumers keen to customize and improve the functionality of their products. The key here is the Internet of Things, which is rapidly turning a new generation of products “smart” by adding computing power, network connectivity, and sophisticated software. From cars to routers and drug infusion pumps to drones, they now offer a wealth of possibilities for tech savvy owners keen to push their device capabilities to the limits. At the same time there are logical reasons why lawmakers and regulators need to lock down certain functionality – for the safety and well-being of their citizens. It’s a delicate balance.
The problem is that current IoT systems simply aren’t architected in a way which will allow for this kind of granularity. The answer is a new approach outlined in the prpl Foundation’s new document: Security Guidance for Critical Areas of Embedded Computing. It describes how open source development; secure boot based on a root of trust anchored in the silicon; and hardware virtualization can keep both regulators and consumers happy. Continue reading