Risk, Regulation, and the Cyber Resilience Act: Driving Security with Foundries.io


In our interview, we sat down with George Grey, VP Technology at Qualcomm Technologies and co-founder of Foundries.io, to discuss the future of the connected device landscape. In this conversation, George considers the impact that AI will have across every aspect of the supply chain, delving into the requirements of devices to keep up with the progression and changes that it brings.

George contemplates the need for incentives for OEMs to provide end-to-end security, be it fines or government-imposed regulations such as the Cyber Resilience Act. Within this comes the consideration of how the ecosystem can collaborate to help each other adhere to these regulations, and how platforms such as the FoundriesFactory™ Platform can be integral to both compliance and reduced time-to-market.

Are there specific regulatory developments on the horizon that you believe will significantly impact your business?

With each and every one of the billions of the world’s connected devices presenting an open target for increasingly frequent and sophisticated cyber attacks, legislation is due to come into force to formalize the protective measures that OEMs need to be implementing. The European Union’s proposed regulation, the Cyber Resilience Act (CRA), as well as the USA’s White House and Congress’ directives are looking to make device manufacturers up their game when it comes to cybersecurity; so, security really can no longer be an afterthought in the product design process. If good customer service isn’t enough of a reason for OEMs to provide end customers with security-focused devices, the threat of hefty fines (currently up to €15 million or 2.5% of total worldwide revenue, under the CRA) will surely be a strong enough incentive to get security right.

How do you see the connected device landscape changing over 2024 and what measures should companies take to address these?

2024 will be the year when OEMs accept that connected device security is no longer an optional feature. Global legislation including the European Union’s proposed Cyber Resilience Act (CRA) necessitates platform-based security solutions to help prevent product engineering delays and/or significantly increased costs. Security is not a bolt-on module; it needs to be considered through the entire life-cycle of a product, from initial hardware and software design to end of life. Specifications such as PSA Certified, coupled with services such as the FoundriesFactory™ Platform, can help to simplify OEM security implementation, whilst also accelerating time to market and reducing product risk.

What emerging technologies do you believe will have the most significant impact on your industry in the coming year?

On-device generative AI is already widespread in the mobile phone industry. This trend will continue, with AI capability becoming a standard feature in most, if not all, IoT and edge devices over the coming years. Early adopters of AI technologies will bring new use cases and applications into a multitude of industry segments, creating new business opportunities for the entire connected device industry.

How do you envision the evolution of user experiences through the use of AI and machine learning in your products/services? What changes will we need to make in device security to make them a reality?

Over the next decade it seems clear that generative AI will permeate both hardware (SoCs) and software for edge devices across all industries from consumer to industrial. Use cases include vision detection, translation, preventative maintenance, security and robotics. Given the nature of the industry, AI models will evolve rapidly for these applications, and devices will need to be able to update models, perhaps on a frequent basis, without compromising security. Effective security-focused and incremental OTA updates will be required, necessitating specifications such as The Update Framework (TUF). Platforms such as FoundriesFactory™ Platform offer this and can reduce the effort and time required to implement security-focused and updatable IoT and edge devices.

How do you navigate the emerging number of regulations? What can we do as an ecosystem to ensure we achieve security requirements in time?

In the connected device space, responsibility for conformance to regulations lies with the product manufacturer. The EU’s proposed Cyber Resilience Act (CRA) is looking to provide product manufacturers with a 3-year period before production devices must be conformant. Other national regulations may require earlier conformance. However, the average development time for a new Linux-based IoT product from project start is typically 2 years. The use of platforms and programs, including the FoundriesFactory™ Platform, PSA Certified and Arm SystemReady, can help OEMs reduce development time while simplifying the process of creating security-focused products.