22 Percent of Designers of Potentially Injurious Internet-Connected Products are Paying Zero Attention to Security

GERMANTOWN, Maryland – March 7, 2017 – Barr Group, The Embedded Systems Experts®, has uncovered alarming information about the state of embedded systems design in its 2017 Embedded Systems Safety & Security Survey. This survey revealed that a significant percentage of embedded systems designers of potentially injurious products are failing to place emphasis on the security of their designs – even though they are Internet-connected.

Approximately 28 percent of the more than 1,700 qualified respondents (50 percent from North America, 27 percent from Europe, 14 percent from Asia, and 9 percent from other geographies) indicated that the products they are designing now are capable of causing injury or death to one or more people (i.e., in the event of a malfunction). Of such products, respondents anticipated that nearly half will always or sometimes be connected to the Internet.

It is widely known that any computer connected to the Internet – including a medical device or other embedded system – can be remotely attacked through hacking. Despite this reality, 22 percent of embedded systems engineers working on safety-critical products that would be deployed online said security was not even on their requirements list. “This is dangerously inadequate planning that puts all of us at greater risk,” said Michael Barr, Barr Group CTO.

Survey findings also revealed that of the designers working on safety-critical projects that will be connected to the Internet,

  • 19 percent follow no coding standards,
  • 36 percent use no static analysis tools, and
  • 42 percent conduct only occasional code reviews or none at all.

“When safety-critical devices come online, it is imperative that the devices are not only safe but also secure,” Barr said. “Considering the many security concerns that currently exist in the IoT, any connected device that has not been designed with security in mind is at risk for tampering, and the results for safety-critical devices can be catastrophic. By failing to design security into a device that is connected to the Internet – especially a safety-critical device, where lives are at risk – we are putting our heads in the sand.”

March 23 Webinar to Provide Detailed Analysis of Survey Results

Barr Group will host a free webinar on Thursday, March 23, 2017 at 1PM ET to discuss the findings from the 2017 Barr Group Embedded Systems Safety & Security Survey.