Industry Article

# RISC-V’s Role in Securing IoT-Connected Devices

July 23, 2019 by Jothy Rosenberg, Dover Microsystems

## RISC-V hardware offers additional security for IoT-connected embedded devices beyond software cybersecurity.

In order to protect the embedded devices that make up the IoT, security must extend beyond software-based cybersecurity into hardware-based security using RISC-V.

While the Internet of Things may have seemed like a pipe dream of the future just a few years ago, today it’s hard to classify it as anything less than a growing success. In fact, some analysts predict that the IoT is growing so fast, it could surpass 75 Billion connected devices by 2025.

##### Figure 1. Projected IoT-connected device growth from 2015 to 2025. Image courtesy of Statista.

And, although the term IoT normally conjures images of consumer tech, connected coffee pots, and smart refrigerators, these are only a fraction of the greater ecosystem—much of which is currently being deployed by corporations. In fact, a 2018 report from Trustwave found that 64 percent of the organizations they surveyed had deployed IoT devices, with another 20 percent saying they plan to do so in 2019.

However, as more and more technology is being hooked up to the internet, only a minority of users are taking IoT cybersecurity into account. More precisely, only about 28 percent of Trustwave survey respondents said they consider an IoT cybersecurity strategy to be “very important.”

While users remain relatively lax about cybersecurity, device makers are starting to fret about the vulnerabilities connected devices present to users and networks. As an Eclipse Foundations report uncovered, security requirements are the top obstacle to developing connected devices, according to a whopping 60 percent of survey respondents.

##### Figure 2. Top obstacles to developing connected devices according to device makers. Image courtesy of Eclipse Foundation.

This creates an obvious disconnect that could threaten to derail a burgeoning industry. On the one hand, corporations and consumers alike are demanding connected devices at greater volumes—with only a fraction of users concerned about cybersecurity. On the other hand, device makers understand the grave threats an insecure and massive network like the IoT poses to both our infrastructure and society as a whole. However, pressures to meet market demands mean businesses need to choose between speed to market and providing secure devices to their consumers.

This is where the RISC-V Community’s opportunity exists.

While software-based cybersecurity solutions have an important role to play in mitigating cyber risks today, hardware-based solutions must play the leading role in securing our future embedded devices if the IoT is to be successful.

### RISC-V's Opportunity to Secure the IoT

According to the Associated Press, Cybercrime could cost companies as much as $5.2 Trillion over the next five years. The report from January notes that this is mainly due to companies’ “dependency on complex internet-enabled business models [outpacing] the ability to introduce adequate safeguards that protect critical assets.” Simply put, as businesses look toward the IoT to provide new services, efficiencies, and advantages to their day-to-day, they’re also introducing countless attack vectors that leave them wide open to costly cyberattacks. While cybersecurity software can help detect and even deter some of these attacks right now, cybersecurity software is ultimately ineffective. That’s because, on average, every piece of software contains about 15 bugs per 1,000 lines of code. According to the FBI, about two percent of these bugs can actually be turned into exploitable vulnerabilities. We also know that cybersecurity software tends to contain some of the most complex code out there, and is therefore likely laden with exploitable bugs itself. This makes solving for cybersecurity through software impractical. Indeed, it’s like trying to bail out a sinking ship with a sieve. In order to truly address our cybersecurity problem, we need to address the issue at its core—we need to solve for cybersecurity directly inside of our SoCs. As an open-source ISA without the financial burden of a licensing fee, RISC-V is poised to provide next-level security for IoT devices. By eliminating the barrier to entry, companies designing SoCs and devices can save important budget dollars that they might spend on a more expensive ISA, and reinvest them where they matter most: in cybersecurity. With lower costs and being open-source, RISC-V maintains a competitive advantage as an ISA that provides the flexibility needed to implement, and further develop, the next-generation of secure processors. And, if the RISC-V Community can make itself synonymous with secure processing, it can become the leading ISA for the growing,$470 Billion IoT Industry.

Dover’s RISC-V-Compatible CoreGuard® technology stops network-based attacks and provides true security, safety, and privacy to the IoT.

Industry Articles are a form of content that allows industry partners to share useful news, messages, and technology with All About Circuits readers in a way editorial content is not well suited to. All Industry Articles are subject to strict editorial guidelines with the intention of offering readers useful news, technical expertise, or stories. The viewpoints and opinions expressed in Industry Articles are those of the partner and not necessarily those of All About Circuits or its writers.