IoT Security Advisors Program from RTOS company Green Hills

April 03, 2014 // By Graham Prophet
Green Hills Software has a new services group, IoT Security Advisors, which brings together security experts from all of Green Hills Software’s business units to provide security services for organisations that must manage the privacy and security challenges associated with the Internet of Things.

GHS says its IoT Security Advisors group is the only security organisation with experts that have successfully achieved certification to IEC 15408 (Common Criteria) Evaluation Assurance Level 6+, High Robustness, the highest software security level ever attained. EAL 6+, High Robustness is the certification required to protect “high-valued information” against “sophisticated threat agents.” The group has enabled clients across many industries to certify to the highest levels of security and safety standards including: NIST FIPS 140-2 (cryptography), DIA DCID 6/3 (classified intelligence information systems), NSA Type-1 (crypto devices), FAA/EASA DO-178B/C (avionics), FDA Class II/III (medical), IEC 61508 (industrial), ISO 26262 (automotive), EN 50128 (railway), and others.

The IoT will enable organisations and individual users to benefit from increased efficiencies, convenience, and lower costs: but a whole new generation of Things will be open to hacking, exploitation, and malware; and security techniques deployed thus far have proven ineffective at protecting consumers, governments, and businesses from determined hackers.

GHS says that, “Beyond the staggering number of devices on the IoT, the types of Things that may be commandeered for nefarious purposes are equally alarming: cars, trains, traffic lights, power grids, factories, and home appliances to name a few. Our public safety and privacy must not be at the mercy of anonymous hackers, foreign intelligence services, organised crime, or multinational corporations. Manufacturers of insecure devices on the Internet of Things will be subject to lawsuits for invasion of privacy, catastrophic failures from denial of service attacks, recalls, and any harm that comes from devices being commandeered.”

IoT Security Advisors’ services include:

· Embedded, enterprise, mobile, network, and system security design consulting services, comprised of security requirements management, secure software development processes, system architecture, data protection, testing, and security training

· Certification assistance for IoT developers who must meet security, safety, and quality standards

· Embedded to enterprise threat and vulnerability assessment services performed by IoT Security Advisors’ leading “white hat” hackers and security