MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier – Source: securityboulevard.com

By Byron V. Acohido

We’re just getting started down the road to the Internet of Everything (IoE.)

To get there – to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind – cybersecurity must first catch up.

I had an edifying conversation about this with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor leader in power systems and IoT, based in Neubiberg, Germany.

We went over how Zero Trust Architecture (ZTA) is gaining steam — and how it embodies a critical paradigm shift necessary to secure hyper-interconnected services.

Not coincidentally, industry standards groups and government regulators have stepped forward to embrace a vital supporting role. Respectively, they’ve begun shaping and implementing new technical protocols and best practices, backed by a fresh slate of audit requirements, to raise the bar of security to where it needs to be.

For a full drill down on how all this ties together – and why it bodes well – please view the accompanying videocast. Here are a few takeaways:

Walls must come down

The front lines of cybersecurity are in flux. Perimeter-focused defenses must be retired and the focus must shift to where the action is — at the furthest edges of the internet, where billions of IoT sensors and controls are proliferating — with scan oversight.

At this moment, as innovation sprints ahead, the mechanisms to secure these edge devices lag dangerously behind. Statista estimates there will be north of 30 billion connected devices by 2030, embedded in systems as varied as pacemakers, wind turbines and smart refrigerators. Each of these devices represents a potential point of failure, susceptible to attack or malfunction.

The challenge lies in the very nature of these devices, Hanna told me. Unlike the robust servers of a data center, IoT sensors are often small, resource-constrained, and low-cost, with limited capacity for complex security measures.

Until recently, their protection depended on surrounding them with layers of external security—firewalls, secured networks and cloud-based monitoring systems. But this castle wall approach is wholly unsuited for protecting hyper-interconnected systems.

The zero-trust imperative

By contrast, ZTA imposes this concept: trust no one, verify everything.

Applying this philosophy to edge devices translates into emphasizing continuous verification rather than the traditional practice of implicitly trusting anyone who gets inside the castle wall.

Hanna

“You can no longer trust the network,” Hanna observes. “Every device, every connection, every interaction must be verified, authenticated, and monitored.”

At the heart of this metamorphosis is a hardware revolution. New generations of microchips can embed encryption, monitoring and control capabilities into devices at the edge – at scale.

This includes everything from a smart home master control to the steer-by-wire mechanisms in a driverless vehicle. In hospitals, these next-gen smart chips are turning up in patient monitoring systems and robotic surgical instruments. And in manufacturing plants, they’re increasingly found in industrial control systems and autonomous robotics.

These chips enable unique device identities, secure communications and even self-healing capabilities. This automated resiliency, if you will, is critical to realizing zero trust in highly complex, IoE environments. “These devices can’t rely on their surroundings for security anymore,” he notes. “They need to secure themselves, from the hardware up.”

Collaborative muscle

While these hardware advancements are promising, they also highlight the scale of the challenge. The expansion of IoT into IoE has vastly expanded the range of potential targets for cyberattacks.

Hackers have exploited everything from fish tank thermometers to baby monitors, turning them into entry points for broader attacks. In one notable case, attackers used internet-connected cameras to assemble the infamous Mirai botnet capable of launching a massive distributed denial-of-service (DDoS) attack.

Governments and standards bodies are taking note. Initiatives like the Matter standard for smart home appliances aim to ensure that IoT devices can communicate securely and reliably across ecosystems. Meanwhile, regulations such as California’s IoT Security Law and the European Union’s Cyber Resilience Act are pushing manufacturers to embed minimum security standards into their designs.

But Hanna warns that regulation alone cannot solve the problem. “The industry has to work together,” he says. “The chipmakers, software developers and device manufacturers all have a role to play. Securing IoT is a collaborative effort.”

Self-healing devices

The road ahead remains daunting. The arrival of post-quantum computing threatens to upend current encryption standards, while the increasing use of artificial intelligence in attacks could automate and amplify threats. Even today, many IoT devices still lack basic protections, and retrofitting them with security is rarely feasible.

Yet there is reason for optimism. The integration of AI-driven anomaly detection into IoT systems, at the chip level, promises a new level of vigilance, enabling devices to flag unusual behaviors—such as a refrigerator attempting to unlock a smart door—and quarantine themselves before harm is done.

By shifting more security functions onto the devices themselves, reliance on legacy, perimeter defenses can take a smaller role. Ultimately, this should give rise to resiliency in each and every sensor and controller at the edges of hyper-interconnected systems.

“We want to get to devices that are capable of healing themselves,” Hanna says.

Securing the Internet of Everything to allow for its full fruition is well on its way. I’ll keep watch and keep reporting

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

February 10th, 2025