The IoT crisis: mastering security is the only way forward

With the rapid development of technology, implementing network security has become more complicated. Electronic products must meet the most basic electrical, mechanical and fire safety requirements and, beyond ensuring the most critical software and network security, must also maintain a certain level of performance (quality). In a market filled with marketing language, having a third-party body inspect and verify what companies claim when marketing their goods ("marketing claim verification") is important for protecting purchasers' rights.

There are many kinds of IoT devices. Obtaining third-party security certifications recognized by the government is the only long-term way to stabilize the market.

The above-mentioned cybersecurity (Cybersecurity), product electromechanical and fire safety (Safety), performance/quality (Marketing/Quality) and marketing claim verification (Marketing Claim Verification), together with the product sustainability (Sustainability) and transparency of business operations and the supply chain (Transparency) that the market now advocates, are the so-called six cornerstones.

Technology always comes from human nature: the development of the IoT

Everyone is familiar with the scenes in science fiction movies. People's longing for the future world has accelerated the development of smart homes. Can today's technology really fulfill that dream for everyone?

Chen Lizhen, business development manager of the UL Energy and Power Technology Department, pointed out that in the era of the Internet of Things, smart homes and smart home appliances are at the core. Among the smart functions in common use today, "voice recognition" is regarded as the first step: many smartphones have built-in voice functions, through which we can search for data, use map navigation, and even get simultaneous translation. Next comes "face recognition", which scans each person's unique physiological characteristics so that minor facial changes such as blinking or eyebrow movements can issue instructions; this technology has only just started, but its future development is exciting. The third step is "action recognition": the sensing system of a smart home appliance judges the movement of the limbs in front of it, so that after detection it can predict the person's next step and interpret their behavioral needs. The final step, "behavioral identification", is expected to achieve self-learning through the recognition and accumulation of behavioral patterns, and to detect certain human behaviors or body language.

Whatever smart functions are envisioned, the design intent always begins with the needs of human nature. In other words, with the booming development of the Internet of Things, smart home appliances that make life smarter and better are no longer just a dream in everyone's living space.

What is blocking the development of the smart home?

Chen Lizhen believes that although the smart home products we see today seem some distance from real artificial intelligence, some "action recognition" technologies can in fact approach the level of "behavioral identification". Their security vulnerabilities, however, can cause identification errors and raise greater security concerns behind them. For example, as vehicles become more electronic and intelligent, computers and multimedia systems have gradually become standard equipment, and hacking, originally an Internet problem, has become a more urgent challenge. In addition, stealing personal data and sensitive information from the user's product is no longer the only thing hackers do: they also break into operating systems or related information through network loopholes, for example by locking a mobile phone, computer or important files, and cases of ransom demands are emerging around the world.

Looking further, it is not only products with networking functions that face network risk. In 2009, in the United States, a gas stove with no networking function was ignited by accident: because of improper design, electromagnetic surge interference generated when a PDA mobile phone rang accidentally triggered an ignition instruction. From this it is not hard to foresee that, once other related factors are involved, the safety doubts that networking-enabled products already carry will become even more complicated.

As mentioned above, in addition to the security of networked software, the risk of device malfunction caused by software errors is even more worrying. One example is the charging safety of mobile smart devices. The electric balance cars that received much attention in the past caused disasters during charging, which greatly concerned the US government; as a result, all electric balance cars entering the United States must pass UL safety certification. If intelligent control charging devices are used, network security issues arise whose impact can be difficult to estimate.

These accidents occur because insecure software and hardware, and the loopholes in them, exist. The following are the top ten common network risks listed on a website related to network security:

• Insecure network interface – may be compromised over unsecured Wi-Fi

• Insufficient authorization protection – passwords are vulnerable

• Unsecured network services – camouflaged network services

• Insufficient data transfer encryption – the data transfer process is not sufficiently confidential and is easy to crack and abuse

• Privacy is not protected – privacy settings are inadequate, and files are easily stolen and cracked

• Unsafe cloud interface – the cloud system itself has insufficient security strength and becomes a new security blind spot

• The safety settings themselves are not safe enough – the safety requirements of the environment itself are too low to meet the protection requirements

• Unsafe software – free or cheaply acquired software may hide protection vulnerabilities

• Poor physical security – the software may be safe, but physical protection is insufficient and the device can be damaged by electromagnetic interference

The UL 2900 series of standards covers the network security ecosystem

In fact, according to insurers' statistics, the proportion of cyber risk events caused by hackers is not as high as most people think: more than 50% of the incidents are caused by human factors and system vulnerabilities. Where neither the hardware nor the software is at fault, the risk may be attributable to internal negligence or to an "inside job". All in all, companies often spend more than expected filling these security holes. Recognizing that network security vulnerabilities continue to pose a dangerous level of challenge, the White House specifically commissioned UL to collaborate on developing network security standards, the UL 2900 series, which comprises four specialized certification services: UL 2900-1 for software, UL 2900-2 for hardware, and UL 2900-3 and UL 2900-4, which focus on the organization and process (execution).

It is worth mentioning that the UL 2900-2 hardware standard currently covers medical devices (UL 2900-2-1) and industrial control systems (UL 2900-2-2) first. The reason is that the biggest difference between the medical and industrial-control Internet of Things and the traditional Internet used by people is that they must pay far more attention to "timeliness" and "accurate data". In traditional credit card payment, for example, a system error or a delay in data transmission, as long as the data is not stolen, does not bring significant harm to human life or to the country. For the safety of the medical and industrial-control Internet of Things, however, "punctuality and precision" is a key factor that cannot be ignored.

Even power plants and operating tables in full operation may be paralyzed

For example, in an attack on the industrial-control IoT, an attacker can get at the data by making a door lock system take longer to compute so that it fails to execute instructions in time. The same goal can be reached by paralyzing the system. In an attack on a power plant, for example, when the information flow in the grid system is increased, the system may have to consume too many software and hardware resources for calculation, operation and execution, resulting in lost nodes or overloaded network resources. The system may then enter a self-protection mode, which in turn leads to partial or complete paralysis of the grid.

In today's technologically advanced world, many medical devices have to transmit information over the Internet and make adjustments on the fly. In addition to timing, accuracy is also important in treatment, so the medical Internet of Things is a tempting prize in hackers' eyes. The biggest difference between medical IoT incidents and traditional Internet hacking is the immediate threat to life. For example, in the United States, hackers invaded an operating room and took control of its equipment; if the ransom was not paid in time, none of the instruments would work, and because patients' lives were at stake, they had to comply. In view of the endless stream of similar incidents, the US Food and Drug Administration (FDA) has announced on its official website that certification of electronic medical devices must now include a cybersecurity risk assessment.

The equipment is reliable, but are the people?

After the equipment has passed safety certification, what remains is management and verification of implementation. UL 2900-3 is a security certification for the company and its organizational structure, aimed at avoiding systemic loopholes such as an "inside job" or weaknesses in human-machine interaction. For example, it requires companies to have strict access control systems and image records so that they can keep track of personnel movements, or, to prevent important confidential information from leaking, to monitor computer activity records so that important information is not carried out over the Internet or by people. Once the enterprise's human-machine system design meets the requirements, UL 2900-4 covers the continuous execution and implementation management of the system. In summary, the UL 2900 series is a comprehensive set of standards that addresses software and hardware, system management, and implementation.

How testing is done once the standards are established

Once the standards are set, software security is the first level. Testing is divided into three major areas: "system weakness and cracking", "software vulnerability scanning" and "security control".

The first is the "system weakness and cracking" test. It feeds the software fuzzed (deliberately malformed) instructions and observes whether the system responds correctly. In addition, because software is becoming more and more complex, many developers use public software module libraries; if these modules have security vulnerabilities, the vulnerabilities do not disappear once the system is assembled. During testing, UL therefore uses many known vulnerabilities to probe the security of the software system. The basic security protection of the software system is confirmed through penetration testing and testing with malicious programs such as Trojans.

Even after the "system weakness and cracking" tests are complete, the system can still be invaded because of weaknesses in the software itself, so "software vulnerability scanning" is an important test item. It covers the security of the software source code and of the compiled binary code, to ensure that the software itself introduces no security holes.

Finally, the "security control" tests examine the software's access rights, ensuring that the software is not accessed or changed without proper authorization. One key item is the storage mechanism of the password module required to log in or to change permissions. Connection management and update management security must also be considered, for example "phishing" that induces users to update their passwords, or fake update versions, which often open more and more security holes. There are more than one million computer viruses in the world, so detecting system vulnerabilities is time-consuming. Many companies forgo it because of the cost, but whether that decision is justified relative to the risk is open to question.

According to Gartner's report, the Internet of Things is still in the "Innovation Trigger" stage: many products are not yet popular and the technology is not yet mature. The business development of the Internet of Things will certainly give rise to many related companies, possibly with excessive expansion, and as competition intensifies, companies in poor health or with safety issues may be eliminated from the market. For enterprises to survive the crisis of an excessively competitive market, achieving safety certification is the long-term solution.
