Q&A with IoTech Swiss – winner of the IoT Security Award at the IoT Innovation World Cup 2018

In a previous post, we covered the IoT Innovation World Cup Award Ceremony that took place in February at Mobile World Congress, and we briefly introduced the 10 award winners. We promised to provide more details on each of the winners, so today we’d like to introduce you to Gemalto-sponsored IoT Security Award´s winner, IoTech.Swiss.

IoTech Swiss is a start-up, founded in Switzerland, that designs products and solutions for the IoT and drone industry. One of their solutions is COLIBRI – the first IoT AI based solution designed to make flying a safer experience for pilots and passengers. COLIBRI targets pilots of small aircrafts, ultralights and paragliders, and aims to prevent accidents by identifying, analyzing and predicting conditions that lead to accidents and notifying pilots before it’s too late.

I interviewed the CEO of IoTech Swiss, Daniele Sammartino, to get his views on IoT security and insights on the key principles for success.

What are the main challenges you faced when developing Colibri?

COLIBRI is a lifesaving solution for aircraft pilots, and it integrates software and hardware components. This is an engineering challenge on its own especially when you have to find the best trade-off between reliability, security, accuracy, while trying to keep the solution scalable and cost effective.

How do you view IoT security?

Security is a critical dimension of every IoT/M2M system design. Sensors produce data, systems process it and then actions are taken as a result. Imagine what could happen if remote physical systems such as actuators, valves, and switches were turned on or off remotely, based on data coming from untrusted sensors or hacked datalinks? In a world of automation and mission critical systems with complex IoT edge nodes, any system design becomes security centered.

What are the main challenges for developers when it comes to building IoT security?

Integrating security in IoT impacts both hardware and software design from the beginning. The technologies to secure devices and connectivity are changing very quickly, and at IoTech Swiss we are building solutions around a system architecture that can support changes to ease the system development and operation later on.

Is it easy for developers to integrate security from the very first steps of their design?

It’s challenging. Security is not just an add-on to existing systems but an integral part of it! For example, our solution offers software updates over the air, effectively manages the device provisioning and operation processes, and transports data for analysis. And from a pure business point of view, the scope of security becomes an end-to-end dimension to support from the very beginning.

Who are your customers and are they concerned about potential cyberattacks?

We work with pilots, manufacturing companies, flight schools and clubs that often take for granted that systems and data are secure and reliable and think that nothing can interfere with them.

 As a system integrator and platform operator, we work with technology partners to make sure these challenges are addressed, and expectations answered.

Your solution, Colibri, is a safety service, protecting pilots and passengers. How do you make sure that your solution does not become the target of a cyber-attack and can remain secure over several years?

While a solution’s design could be good today, new threats and unknown vulnerabilities emerge over time. We are investing in identity and access management solutions and trusted services to keep our security solutions strong.

This is valid for edge nodes, connectivity and backend system components.

What should be protected in a connected IoT solution?

Unfortunately, malicious threats are often conceived to propagate throughout, and this makes security an end-to-end issue with dependencies on each layer of the IoT ecosystem: the edge nodes, which are often located in remote locations, the datalinks and connectivity, as well as infrastructure related services (backend/cloud). Protecting each element of the ecosystem and the way they interact together is critical to ensuring security for the whole IoT solution.  

As Daniele Sammartino stated above, building security into IoT devices from the ground up is key – especially if you want to make sure that the implemented security solutions are scalable, and updates can be applied remotely. Following a security-by-design approach for any IoT deployment should ensure thorough security risk assessment at the design stage and provide manufactured devices with strong and unique digital identities. This is key to ensure reliable authentication of genuine devices in the future, trusted data exchanges and access to credential lifecycle management, to face new cyber-threats.

Make sure you visit our blog regularly to stay updated on the latest IoT news and find out more about the winners and finalists of the IoT Innovation World Cup Awards in our upcoming blogs!