The Hunt for Power Remote Sensing

With the advent of the Internet of Things (IoT), the need for ultra-low power passive remote sensing is on the rise for battery-powered technologies. Always-on motion-sensing technologies are a great option to turn to. Digital cameras have come light years from where they were a decade ago, but low power they are not. When low-power technologies need always-on remote sensing, infrared motion sensors are a great option to turn to.

Passive infrared (PIR) sensors and passive infrared detectors (PIDs) are electronic devices that detect infrared light emitted from objects within their field of view. These devices typically don’t measure light per se; rather, they measure the delta of a system’s latent energy. This change generates a very small potential across a crystalline material (gallium nitride, cesium nitrate, among others), which can be amplified to create a usable signal.

Infrared technology was built on a foundation of older motion-sensing technologies that came before. Motion sensing was first utilized in the early 1940s, primarily for military purposes nearing the end of World War II. Radar and ultrasonic detectors were the progenitors of motion-sensing technologies seen today, relying on reflecting sound waves to determine the location of objects in a detection environment. Though effective for its purpose, its use was limited to military applications and was not a reasonable option for commercial users.

This essay appears in Circuit Cellar 314 (September 2016).

The viability of motion detection tools began to change as infrared-sensing options entered development. The birth of modern PIR sensors began towards the end of the sixties, when companies began to seek alternatives to the already available motion technologies that were fast becoming outdated.

The modern versions of these infrared motion sensors have taken root in many industries due to the affordability and flexibility of their use. The future of motion sensors is PID, and it has several advantages over its counterparts:

  • Saving Energy—PIDs are energy efficient. The electricity required to operate PIDs is minimal, with most units actually reducing the user’s energy consumption when compared to other commercial motion-sensing devices.
  • Inexpensive—Cost isn’t a barrier to entry for those wanting to deploy IR motion sensing technology. This sensor technology makes each individual unit affordable, allowing users to deploy multiple sensors for maximum coverage without breaking the bank.
  • Durability—It’s hard to match the ruggedness of PIDs. Most units don’t employ delicate circuitry that is easily jarred or disrupted; PIDs are routinely used outdoors and in adverse environments that would potentially damage other styles of detectors.
  • Simple and Small—The small size of PIDs work to their advantage. Innocuous sensors are ideal for security solutions that aren’t obtrusive or easily noticeable. This simplicity makes PIDs desirable for commercial security, when businesses want to avoid installing obvious security infrastructure throughout their buildings.
  • Wide Lens Range—The wide field of vision that PIDs have allow for comprehensive coverage of each location in which they are placed. PIDs easily form a “grid” of infrared detection that is ideal for detecting people, animals, or any other type of disruption that falls within the lens range.
  • Easy to Interface With—PIDs are flexible. The compact and simple nature of PIDs lets the easily integrate with other technologies, including public motion detectors for businesses and appliances like remote controls.

With the wealth of advantages PIDs have over other forms of motion-sensing technology, it stands to reason that PIR sensors and PIDs will have a place in the future of motion sensor development. Though other options are available, PIDs operate with simplicity, energy-efficiency, and a level of durability that other technologies can’t match. Though there are some exciting new developments in the field of motion-sensing technology, including peripherals for virtual reality and 3-D motion control, the reliability of infrared motion technology will have a definite role in the evolution of motion sensing technology in the years to come.

As the Head Hardware Engineer at Cyndr (, Kyle Engstrom is the company’s lead electron wrangler and firmware designer. He specializes in analog electronics and power systems. Kyle has bachelor’s degrees in electrical engineering and geology. His life as a rock hound lasted all of six months before he found his true calling in engineering. Kyle has worked three years in the aerospace industry designing cutting-edge avionics.

Low-Power BLE Sensor Node for IoT Applications

Microchip Technology recently released a demonstration platform for the lowest-power Bluetooth Low Energy (BLE) sensor node. The platform features an ultra-low-power BTLC1000-certified module, a SMART SAM L21 Cortex-M0+ MCU, Bosch sensor technology, and a complete software solution. The BLE demonstration platform includes source code, hardware design files, a user guide, and Android application source code.Microchip BLE Demo Platform

Features, benefits, and specs:

  • An integrated BTLC1000-MR110CA BLE module, delivering at least 30% more power savings compared to existing solutions.
  • An ultra-tiny 2.2 mm × 2.1 mm Wafer Level Chipscale Package (WLCP).
  • A SAM L21 that achieves a ULPBench score of 185, with power consumption down to 35 µA/MHz in active mode and 200 nA in sleep mode.
  • Bosch six-axis motion (BHI160) and environment (BME280) sensors that can be used for a wide variety of sensing applications.

The Ultra-Low-Power Connected Demonstrator Platform costs $39.

Source: Microchip Technology

The Future of IoT Security: One Size Doesn’t Fit All

Security is one of the hot topics today in the Internet of Things (IoT). There have been well-publicized security breaches of consumer devices that include hijacked video from wireless baby monitors being posted on the Internet and home automation systems that reveal whether a home is occupied or not. A number of systems have been breached just to demonstrate their vulnerabilities. Less well publicized are security breaches of industrial equipment with much more severe consequences. These are rarely made public for obvious reasons.

At first glance, it would seem that the existing security mechanism for the Internet and corporate networks would be an easy solution for IoT security. There are several problems with this. First, IoT applications only require security that is “good enough” for the specific application. Just like you don’t need razor wire and guard towers to keep your dog in the yard and don’t want to rely on a four foot yard fence to keep the prisoners in a maximum security prison, the level of security for an IoT product needs to be based on the needs of the application (often basic privacy rather than real security).

Consider data encryption for network transfers as an example of why existing security mechanisms generally do not work well for the IoT. Encryption standards typically target applications that require extremely high levels of security such as financial transactions and military or national security communications. These encryption standards are severe overkill for most IoT applications and present significant problems for small, battery-powered IoT devices. An encryption algorithm may require upwards of 4 KB of code space, which is as much or more than many otherwise suitable microcontrollers might have. Many encryption standards rely on multiple rounds of encryption. The time it takes to perform the encryption could be several times longer on a small micro than the time it takes the micro to perform its main tasks. Most common encryption standards rely on 16- to 32-byte keys to help ensure data security. For many IoT devices, these key lengths could increase the length of their network messages by a factor of 4× to 8× or more. The execution time and added network traffic can quickly chew-up precious battery capacity, increasing the size and cost of a product. The extremely high level of security provided by these encryption algorithms is what drives the large code size, long execution times, and high message overhead that makes them inappropriate for most IoT applications. Hardware encryption addresses the code size and execution time issues but still suffers from high message overhead.


The other major problem with using existing security mechanisms is IoT developers typically don’t have network security experience. There is a certain mindset and expertise required to develop IoT products and a completely different mindset and expertise required to be a security expert. The time required to develop these security mechanisms in-house could take several times longer than the basic product development. Several companies have recognized this problem and have recently introduced security framework products to be incorporated into IoT devices. True end-to-end security requires much more than just passwords and data encryption, and these framework products address other needs like key management and protection against common network attacks. These security frameworks may well be the future of IoT security, but to be widely adopted, they have to be right-sized for IoT devices.

When selecting the wireless technology to use in an IoT product, things like distance, bandwidth, cost, and physical size have to be considered. Words and phrases like “streamlined” and “light weight” need to be kept in mind when assessing security solutions for IoT products. A feature-rich security framework product might be appealing, but many IoT devices provide simple functions and don’t need a plethora of features. They also can’t afford the memory space and execution time overhead (and power consumption) imposed by these unneeded features. Whether future IoT products are based on a security framework or in-house developed security, there will not be a one-size-fits-all solution. Security for successful IoT products will be right-sized for the hardware resources available and the needs of the application.

Mike Lease is a hardware/firmware engineer with more than 30 years of product development experience, mostly in embedded products. He developed a number of battery-powered, wirelessly connected devices before “IoT” became a common buzzword, and several more since then. Mike enjoys taking on tough challenges and has recently developed a fascination with generating random numbers. In 2013 he founded CMicrotek ( to develop a family of ultra-low current measurement products primarily for developers of battery-powered products. Mike recently launched LSE Technologies, a provider of lightweight stream encryption software for M2M and IoT applications.

RF-LORA Module for the IoT

RF Solutions’s RF-LORA module is a high-performance radio module delivered in a compact 23 mm × 20 mm format. Intended for Internet of Things (IoT) applications, the RF-LORA module delivers Semtech’s LoRa technology for IoT applications.RF-LORA promo image v2 copy

The RF-LORA’s specs and features:

  • Up to 16 km, spread-spectrum communication and high interference immunity within minimum current consumption
  • Semtech SX1272 LoRa chip.
  • Built-in preamble detection
  • Available in SMT and DIL packages

Source: RF Solutions

Narrowband IoT Module Optimized for Secure Applications

u-blox new SARA-N2 Narrowband IoT (NB-IoT) module is a cellular radio module compliant to the 3GPP Release 13, Narrowband IoT (LTE Cat. NB1) standard. Intended for a wide variety of IoT applications (e.g., smart buildings and cities, utilities metering, and asset tracking), the compact (16 mm × 26 mm) SARA-N2 module will operate for up to 20 years from a single-cell primary battery. With a 20-dB link budget improvement over GPRS, the module delivers high performance under poor coverage conditions (e.g., underground or inside a building).UB047 u-blox

The SARA-N2 module’s advantages include:

  • Secure, private communications
  • Peak downlink rates of up to 227 kbps and uplink rates of up to 21 kbps
  • Simultaneous support for three RF bands so you can use the same module in most geographic regions.
  • Lower latency than mesh networks due to its point-to-point topology,
  • Ability to run next to existing 2G and LTE networks
  • Allows for robust two-way communication
  • The possibility for global roaming


Samples of the SARA-N2 NB-IoT module are scheduled to be available in Q4 2016.

Source: u-blox

Light-Weight Data Encryption for IoT and M2M Applications

LSE Technologies recently announced it is enabling secure end-to-end network data transfers for M2M applications and IoT devices with its Lightweight Stream Encryption Technology (LSET) C source code packages. LSE tech

Three versions of the LSET Professional product line are available for different levels of security and processing resources:

  • LSET Pro is targeted at 8-bit and low-end 16/32-bit microcontrollers and offers basic encryption algorithm for short control/status messages.
  • LSET ProX is targeted at mid-range 16/32-bit microcontrollers with an enhanced encryption/decryption engine and key security features. It is suitable for short control/status messaging as well as video and firmware updates.
  • LSET ProXT is targeted at higher end 32-bit microcontrollers and provides a more advanced encryption/decryption engine and additional key security features. It is suitable for longer messages such as in gateway applications as well as for video and firmware updates.

On a common 32-bit microcontroller, a typical implementation of the LSET ProX package would require about 600 bytes of code space plus 64 bytes of RAM and with a 20-MHz CPU clock encryption/decryption could be performed in about 2.5 µs per byte.

The LSET source code packages were designed to be easily incorporated into existing code bases. In many cases data encryption can be added to a product in just a few hours. The LSET Professional C source code packages start at $500 for the LSET Pro package.

Source: LSE Technologies

Compact COM Express Module with Intel Celeron N3xxx Processors

WIN Enterprises recently launched the compact MB-73450 COM Express module with Type 6 pinouts. The module supports a variety of dual- and quad-core SoC processors, including Intel Celeron and Pentium N3000 product families (4–10 W). In addition the unit supports the cost-efficient Intel Atom quad-core x5-E8000. Turbo-boost frequencies range from 2 up to 2.56 GHz across the various processor options for MB-73450.WinEnt MB-73450

Notable features and characteristics:

  • Supports Intel Celeron N3x processor family
  • Up to 8-GB non-ECC dual-channel DDR3L
  • Two DDI channels, one LVDS, up to three independent displays
  • GbE, 2× SATA 6 Gbps, 4× USB 3.0 and 8× USB 2.0
  • Five PCIe ×1 (Gen2)
  • Supports TPM 1.2/2.0
  • Wide-range voltage input 8.5 to 20 V
  • Wide range operating temperature: –40°C to 85°C (optional)
  • A maximum of up to 8-GB DDR3L memory.

The MB-73450 processor options featured robust turbo burst frequencies for IoT applications where processors must serve functions incremental to their primary application function, such as encryption/deencryption and virus protection. MB-73450 supports Trusted Platform Module (TPM) for more secure communications.

Source: WIN Enterprises

The Future of Sensor Technology for the IoT

Sensors are at the heart of many of the most innovative and game-changing Internet of Things (IoT) applications. We asked five engineers to share their thoughts on the future of sensor technology.

ChrisCantrellCommunication will be the fastest growth area in sensor technology. A good wireless link allows sensors to be placed in remote or dynamic environments where physical cables are impractical. Home Internet of Things (IoT) sensors will continue to leverage home Wi-Fi networks, but outdoor and physically-remote sensors will evolve to use cell networks. Cell networks are not just for voice anymore. Just ask your children. Phones are for texting—not for talking. The new 5G mobile service that rolls out in 2017 is designed with the Internet of Things in mind. Picocells and Microcells will better organize our sensors into manageable domains. What is the best cellular data plan for your refrigerator and toaster? I can’t wait for the TV commercials. — Christopher Cantrell (Software Engineer, CGI Federal)

TylerSensors of the future will conglomerate into microprocessor controlled blocks that are accessed over a network. For instance, weather sensors will display temperature, barometric pressure, humidity, wind speed, and direction along with latitude, longitude, altitude, and time thrown in for good measure, and all of this will be available across a single I2C link. Wide area network sensor information will be available across the Internet using encrypted links. Configuration and calibration can be done using webpages and all documentation will be stored online on the sensors themselves. Months’ worth of history will be saved to MicroSD drives or something similar. These are all things that we can dream of and implement today. Tomorrow’s sensors will solve tomorrow’s problems and we can really only make out the barest of glimpses of what tomorrow will hold. It will be entertaining to watch the future unfold and see how much we missed. — David C. Tyler (Retired Computer Scientist)

Quo vadis electronics? During the past few decades, electrical engineering has gone through an unprecedented growth. As a result, we see electronics to control just about everything around us. To be sure, what we call electronics today is in fact a symbiosis of hardware and software. At one time every electrical engineer worth his salt had to be able to solder and to write a program. A competent software engineer today may not understand what makes the hardware tick, just as a hardware engineer may not understand software, because it’s often too much for one person to master. In most situations, however, hardware depends on software and vice versa. While current technology enables us to do things we could not even dream about just a few years ago, when it comes to controlling or monitoring physical quantities, we remain limited by what the data sensors can provide. To mimic human intellect and more, we need sensors to convert reality into electrical signal. For that research scientists in the fields of physics, chemistry, biology, mathematics, and so forth work hard to discover novel, advanced sensors. Once a new sensor principle has been found, hardware and software engineers will go to work to exploit its detection capabilities in practical use. In my mind, research into new sensors is presently the most important activity for sustaining progress in the field of electronic control. — George Novacek (Engineer, Columnist, Circuit Cellar)

GustafikIt’s hard to imagine the future of sensors going against the general trend of lower power, greater distribution, smaller physical size, and improvements in all of the relevant parameters. With the proliferation of small connected devices beyond industrial and specialized use into homes and to average users (IoT), great advances and price drops are to be expected. Tech similar to that, once reserved for top-end industrial sensor networks, will be readily available. As electrical engineers, we will just have to adjust as always. After years of trying to avoid the realm of RF magic, I now find myself reading up on the best way to integrate a 2.4-GHz antenna onto my PCB. Fortunately, there is an abundance of tools, application notes, and tutorials from both the manufacturers and the community to help us with this next step. And with the amazing advances in computational power, neural networks, and various other data processing, I am eager to see what kind of additional information and predictions we can squeeze out of all those measurements. All in all, I am looking forward to a better, more connected future. And, as always, it’s a great time to be an electrical engineer. — David Gustafik (Hardware Developer, MicroStep-MIS)

MittalMiniature IoT, sensor, and embedded technologies are the future. Today, IoT technology is a favorite focus among many electronics startups and even big corporations. In my opinion, sensor-based medical applications are going to be very important in our day-to-day lives in the not-so-distant future. BioMEMS sensors integrated on a chip have already made an impact in industry with devices like glucometers and alcohol detectors. These types of BioMEMS sensors, if integrated inside mobile phones for many medical applications, can address many human needs. Another interesting area is wireless charging. Imagine if you could charge all your devices wirelessly as soon as you walk into your home. Wouldn’t that be a great innovation that would make your life easier? So, technology has a very good future provided it can bring out solutions which can really solve human needs. — Nishant Mittal (Master’s Student, IIT Bombay, Mumbai)

New Plug-and-Play FPC Antennas for the 3G, 4G, and LTE Bands

Antenova recently announced three new flexible printed circuit antennas—Mitis (SRFL026), Moseni (SRFL029), and Zhengi (SRFC015)—to cover the 3G, 4G, and LTE bands. The flexible antennas—which belong to Antenova’s flexiiANT range of antennas—offer options for all of the world’s 4G and LTE bands. You also have a choice of antenna shape and size. You can fold the flexible FPC antennas to fit inside small electronic devices. You can position them vertically, horizontally, or co-planar to the PCB. and are ideal for use in applications where there may not be room for an SMD antenna.Antenova Mitis Antenna

The Mitis and Moseni antennas were developed for 4G and LTE applications, including MIMO. The Zhengi covers all of the 3G and 4G LTE bands B7 (2,500–2,690 MHz) and B30, B40 (2,300–2,400 GHz), including LTE Bands B7, B30, B38, B40, and B41.

The antennas come with an IPEX MHF (UFL) cable in a choice of three lengths for easy connection to a wireless module, making them effectively plug-and-play antennas, particularly as they can be integrated without matching. Each one has a peel-back self-adhesive backing that enables you to position it in a variety of  designs.

The Mitis, Moseni and Zhengi antennas are designed for a wide variety of applications, such as smart meters, remote monitoring, M2M, and IoT devices.

Source: Antenova M2M

Arduino Primo Features Nordic Semiconductor SoC

Nordic Semiconductor recently announced that Arduino’s new Arduino Primo features its nRF52832 Bluetooth low energy SoC. The IoT-targeted Arduino Primo PCB features native Bluetooth low energy wireless connectivity and includes Near Field Communication (NFC), Wi-Fi, and infrared (IR) technologies. In addition to being able to wirelessly connect to a wide array of Bluetooth low energy sensors, the Arduino Primo uses the nRF52832 SoC’s integrated NFC for secure authentication and Touch-to-Pair (a simple BLE pairing function requiring no user interaction), and has embedded IR for traditional remote control. Nordic_Arduino_Primo_PRINT

The Nordic nRF52832 SoC’s ARM processor has ample computational overhead to manage the Arduino Primo’s on-board accelerometer, temperature, humidity, and pressure sensors. The Nordic Semiconductor nRF52832’s features and specs include:

  • 64-MHz, 32-bit ARM Cortex-M4F processor
  • 2.4-GHz multiprotocol radio that’s fully compatible with the Bluetooth 4.2 specification and features –96-dB RX sensitivity and 5.5-mA peak RX/TX currents
  • 512-KB flash memory and 64-KB RAM, and a fully-automatic power management system to optimize power consumption.

You can program via the Arduino Integrated Development Environment (IDE) programming interface. If you want to access the Arduino Prio’s most advanced features and functionality, you can use any Nordic nRF52 Series-compatible Software Development Kit (SDK) or programming tools. For example, the nRF5 SDK for IoT enables you to develop IPv6 over Bluetooth low energy applications on the nRF52832 SoC.

Source: Nordic Semiconductor

Cryptography-Enabled 32-bit Microcontroller for IoT Designs

Microchip Technology’s CEC1302 hardware crypto-enabled 32-bit microcontroller enables you to easily add security to Internet of Things (IoT) devices. Enabling pre-boot authentication of system firmware, the microcontroller prevents a variety of security attacks (e.g., man-in-the-middle, denial-of-service, and backdoor). You can also use it to authenticate firmware updates.Microchip CEC1302

The CEC1302’s features, benefits, and specs:

  • Private key and customer programming flexibility
  • Power drain savings and improved execution of application performance
  • 32-bit microcontroller with an ARM Cortex-M4 core
  • The hardware-enabled public key engine of the device is 20 to 50 times faster than firmware-enabled algorithms

In order to quickly develop applications with the CEC1302, use MikroElektronika’s CEC1302 Clicker (MIKROE-1970) and CEC1302 Clicker 2 (MIKROE-1969). You can use the boards with MikroElektronika’s complete development toolchain for Microchip CEC1302 ARM Cortex-M4 MCUs.

The CEC1302 (CEC1302D-SZ-C0) is available today for sampling and volume production in a 144-WFBGA package starting at $1.75 each in 10,000-unit quantities.

Source: Microchip Technology

Telit Announces IoT Innovation Conference

Telit announced that it will soon open registration for the 2016 Telit IoT Innovation Conference, which will take place on Tuesday, September 6, 2016 at Caesars Palace in Las Vegas. The one-day, multi-track conference will feature business use cases and provide you with tools for building your network and enabling connected devices.

As an attendee, you can study real IoT business use cases, network with IoT innovators, discover new technologies for IoT solution deployment, connect with partners, and learn more about Telit products and its IoT ecosystem.

Registration opens soon!

Source: Telit

IAR Systems Supports Wireless Gecko SoCs for IoT connectivity

IAR Systems now supports Silicon Labs Wireless Gecko SoCs, which provide scalable solutions and include Thread and ZigBee stacks for mesh networks, intuitive radio interface software for proprietary protocols, and Bluetooth Low Energy technology for point-to-point connectivity. The IAR Embedded Workbench development provides extensive debugging and profiling possibilities such as complex code and data breakpoints, run-time stack analysis, call stack visualization, code coverage analysis, and integrated monitoring of power consumption. IAR Systems also offers integrated add-on tools for static analysis and run-time analysis.

Support for the Wireless Gecko SoCs is available using IAR Embedded Workbench for ARM, from version 7.60. Free trial versions are available.

Source: IAR Systems

The Future of IoT Security

With the onset of Internet of Things (IoT) technology, an enormous number of devices are now accessible via the Internet and are therefore vulnerable to cyberattack. Society is still adjusting to the fact that devices that people used to trust can now betray them in unexpected ways. Your television may expose your conversations, your printer may divulge your documents, and your fitness monitor may reveal your health information. All of these attacks become possible in the presence of IoT devices which are not designed with security in mind. System designers are trained to evaluate system design options in terms of their impact on system characteristics such as power, performance, and time-to-market, but security is a property which is less well understood. Designers of IoT devices need to have the ability to consider, both qualitatively and quantitatively, how design alternatives affect the security of the system. To do that, designers must understand the essential aspects of common cyberattacks.

The nature of cyberattacks is broad and ever-changing as attackers alter their techniques over time. However, there are a number of attack themes which are fundamental to many cyberattacks and change only infrequently. Designers need to understand these important attack themes and how to defend against them. A good example is a vulnerability to a buffer overflow attack which is usually a result of weak coding practices, such as neglecting to verify that the amount of data written into a buffer is not greater than the size of the buffer. Defense against buffer overflow can likely be achieved through static code analysis and proper testing techniques, without the need to include any security components in the IoT device.

Another attack against IoT devices is a battery draining attack which consumes power by exploiting features of the network communication protocol being used by the device. Different protocols, and their interface controllers, have different degrees of vulnerability to such attacks, and the system designer needs to be aware of this when selecting a communication protocol.

This essay appears in Circuit Cellar 309, April 2016. Subscribe to Circuit Cellar to read project articles, essays, interviews, and tutorials every month!

Defending against some attacks will require the use of software and hardware components which are dedicated to security-related tasks. Such components incur overheads which must be considered by the designer. A common example is whether or not to use encryption, what type of encryption, and whether that encryption should be implemented in hardware or software. Besides the power and cost trade-offs involved, the designer will need to be able to estimate how well each type of encryption protects the system from, for example, a man-in-the-middle attack which intercepts communications with other devices.

IoT security is clearly an important design property which must be considered by designers who understand the complexities of cybersecurity. A problem for the field of IoT is that there is a shortage of IoT designers who understand cybersecurity. There is a range of possible solutions to address the shortage problem which vary based on who takes responsibility to find a solution. One alternative is education or training to ensure that designers are aware of the complexities of the security problem and can address them during the design process. Individual IoT designers may take responsibility for their own training, which means that the designer will individually seek out learning materials and possibly courses. As a professor I feel that individuals should always take responsibility for their own education, but in practice this is difficult and may not consistently result in the best outcome for all concerned. An individual who is not familiar with security will have a hard time determining what is important to learn and what is not, so they may waste time and money on education with no real value. In my role as Vice Chair of Undergraduate Studies, I am frequently asked about what a student needs to learn to be productive in industry, but if an individual cannot find an appropriate mentor to provide them with some direction, then their attempts at education may not be fruitful.

Another alternative is to place the responsibility for the development of secure IoT devices on the companies which employ the designers and sell the IoT devices. For this to happen, company managers must first accept that security costs money and that security is worth some expenditure. As long as security is seen as an overhead with no direct financial benefit, industry is not be motivated to make the necessary changes to build secure systems. Too often, security is largely ignored until a successful cyberattack against a company is publicized and the company suffers in terms of reputation and possible lawsuits. Industry needs to accept the importance of security upfront to avoid the more significant costs of dealing with successful attacks.

Companies can take several different approaches to ensuring security including guaranteeing that their designers are appropriately knowledgeable about IoT security. A salary premium for security experts could motivate employees to take responsibility for their own security education. In-house corporate training can be provided to employees whose job responsibilities necessitate an understanding of security. Employers can outsource and pay for education at local or online schools. When a project is particularly security-sensitive requiring more expertise than is available internally, a contractor with the appropriate security expertise can be brought in. All of these options incur different costs which would need to be justified by the need for security in the market where the IoT devices will be used.

Eventually, a mixture of these approaches should be employed to achieve the best, and most secure, results. Individual designers need to make every effort to learn about security issues, and employers need to motivate them with appropriate salaries and facilitate their efforts by providing opportunities for education. The lack of security of current IoT devices has been used as an argument against their adoption, but there seems to be no stopping the growing use of the IoT. At the same time, cyberattacks are also growing in number, sophistication, and financial impact. Security needs to be a first-class design consideration for IoT systems, on par with cost, power, and the other constraints that embedded designers have always dealt with.

Associate Professor Ian G. Harris earned a BS in Computer Science at MIT and MS and PhD degrees in Computer Science from the University of California San Diego. He is currently Vice Chair of Undergraduate Education in the Computer Science Department at the University of California Irvine. His research group focuses on the security and verification of Internet of Things systems. He also teaches an IoT specialization entitled “An Introduction to Programming the Internet of Things.”