The Dawn of a Paradigm Shift in Embedded Device Software Security

By Marc Brown


The number of connected embedded and mobile devices is increasing exponentially, predicted to be in excess of 50 billion by 2020.  The lion’s share of this growth is expected to come from traditional market segments where there is an increasing push to transform sensing equipment to more autonomous embedded control, real-time telemetry, and proactive diagnostics. We all know website hacking is nothing new, but just imagine having your public water utility meter, your automobile safety functions, our public transportation traffic sensors, or even the national power grid being hacked by organized criminals or nation states.  This tsunami of connectivity and more intelligent control is creating a huge increase in security vulnerabilities that can impact financial profitability, public services and safety, and national defense. 

Many of today’s most advanced embedded control systems are based on a collection of standalone components – embedded operating systems, virtualization technologies, communication stacks, middleware, and application code.  These standalone products, and the companies that create them, lack the integrated security support required in today’s highly connected world, offering overall solutions that are only as safe as the weakest link. 

McAfee and Wind River have formed a strategic partnership to develop and support comprehensive, purpose-built security solutions specifically designed for these next-gen embedded devices.  This partnership will combine the security expertise from both companies, powering security solutions that support all software layers.  It’s our belief, that it’s time to proactively define and accelerate solutions that protect the functions a device is expected to perform and the data that it accepts from the cloud.

Given the huge liabilities and increased security activity, with over 55,000 new unique malware found on a daily basis, all companies developing embedded products will need to have strategies in place to cope with increasing security requirements.  Only Wind River and McAfee can handle the broad types of security vulnerabilities effecting embedded devices today.  By combining Wind River’s core security-certified runtime technologies, with McAfee’s whitelisting, anti-malware and global threat intelligence capabilities, we’ll be able to support a broad array of connected M2M capable devices for industrial automation, energy, medical, networking, consumer electronics, aerospace and defense.

It’s obvious that security and secure embedded solutions have become a necessity.  It’s also known that cyber attacks, global connectivity, and the associated risks are on the rise, accelerating at a near exponential rate.  Wind River and McAfee have defined something fundamental, something new, on the forefront of embedded solutions, which will solve the growing security requirements and aid in its evolution.  We are no longer in a world only concerned about performance, footprint, and connectivity…the world of highly performing secure embedded solutions has arrived.