Hello everyone. My name is Oriaki Victor Nsakai. I'm a design engineer by profession. today I'll be talking about, securing embedded systems in IoT, a practical DevOps approach. Now let's dive right into it. firstly, I'm going to talk about, I'm going to talk about what is IoT on embedded systems. then I'm going to talk about security challenges with them. Then we'll move on to the role of DevOps in securing embedded systems. And we'll talk about securing the development, life cycle. And so we'll talk about, securing post deployment IoT devices, balancing innovation, securely. And lastly, we'll talk about the best practices for securing these, embedded devices, practical take home, take homes. Now, what are these embedded, devices? Now, these embedded devices, they are like the brain behind what modern robotics and IoT applications do. they work silently to perform specific tasks within larger systems. they are like the brain, behind this, this modern technology, these smart systems. Yeah, they find applications in, in headscale sector, in the manufacturing sector, even critical infrastructures like the railway systems, power grids, smart grids. this IoT, device is expected to grow to over 25 billion users by the year 2020. Now, we've talked about embedded, so now let's talk about IoT. IoT refers to a network of interconnected physical devices embedded with sensors, software, and other technologies that enable them to collect, exchange, and add on data over the internet. basically, this is IOT, system, they collect data, they exchange the data, and they add on this data over the Internet. for example, in the healthcare sector, these IOT, embedded devices could be used to, monitor and track a patient's health. in my patient sector, it could be used to, to manipulate robots, to be used for the supply chain to check the movement of, the movement of, goods from one, production cycle or production, desk to nest. because we use, it can be applied, be used in our homes to control thermostats. control some devices in our home. So these devices are widely used in various industries. Now, what are the security challenges with these devices? we have, different levels, from the hardware level risk we have, where attackers can be exploited, by trying to physically tamper with these devices. for example, an IOT embedded camera can be, an IOT embedded camera can be, tampered with. a circuit could be plugged into it and, sensitive data could be exploited or gained from this, device. Also, we have the firmware and software vulnerabilities, things like updated firmware. software, weak encryption, if not properly, secured, or if not properly, if not regularly updated, it's going to be exploited by these cyber attackers. also we have the communication protocol weaknesses. These IoT embedded devices, they rely heavily on, communication protocols like the Wi Fi and Bluetooth. So if not properly secured. It could be, intercepted by this cyber attackers. Now, what's the role from DevOps in security and business systems? Now we're talking about security and we want to talk about how DevOps could be used to secure these devices on these systems. So DevOps is, a combination of, a combination of development and operations through automation. so with DevOps, we can ensure software is prepared and, deliver efficiently and securely. Also applying these DevOps principles to embedded systems can help improve security, agility, and automation. Now let's talk about benefits. So some of the benefits include the real time detection of security vulnerabilities. So with DevOps, we could continuously monitor these systems. So vulnerabilities have been exploited. Also, we have automated security testing to ensure security validation is part of the CICD pipeline. so an example could be, we could use automated testing tools to, automated testing tools in DevOps. Pipelines to simulate, attacks on these IOT devices to find vulnerabilities even before deployment. So, lastly, the another benefit of this, this another benefit of DevOps in, in securing embedded systems is faster issue resolution. So this, because it's an automated process, it's, it responds fast and it detects, this. vulnerability flows, on time through this automated processes. Now securing the development life cycle. Now we need to, we need to secure these devices from the design stage, not after deployment or during maintenance. So we could use, We could use, communications that are encrypted, like the TLS protocol. We could also use, secure booting methods, to ensure that, only trusted software, ensure these devices start with only trusted, software. Also, we could use, the trusted platform modules to protect hardware integrity. All right. We could secure this, design to get the design of this embedded systems during the development lifecycle is by ensuring security is validated at every stage of the process. So from the design to the deployments to demand, you want your methodology. Maintainers, excuse me, even during maintainers we could, we could secure this, the design of these systems. Now, even after, after the design phase of this embedded system, we also need to continuously monitor them for unusual activities. So we could use, things like the log and alert systems, thereby, permitted, automated alerts for potential security breaches. So whenever there is a breach we are alerted. Also we could use a patch management method whereby we are whereby there's regular firmware software updates to patch these vulnerabilities. Also this can be done remotely. It doesn't necessarily need to be to involve a human or have a physical intervention. I want to talk about, balancing the vision of security. So while there's an increase in the use of these devices, like I said, they are applied in various industries from the healthcare sector to manufacturing sector to critical infrastructures. we need to also increase the security of these devices. like I said, there's an estimated growth of these devices to, to increase to over 25 billion users by the year 2030. So ensuring these devices are safe is very important. So why is it important we secure these devices? So firstly, when we, when we, put, when we include security features in the design of this, Embedded IoT devices from the design phase to the deployment phase. Even during maintenance, we want to continuously ensure these devices are safe. They tend to be more trusted and adopted by the users. nobody wants to be exploited. So when these devices are safe, we have more people wanting to use them, wanting to buy them, wanting to adopt them. This also further, leads to, open opportunities to new applications and markets. So there's an increase in marketability of these, devices because they are safe and they're trusted. They are not easily exploited by cyber attackers. So by this, we've also increased the scalability of these, devices. Now, what are the best practices for securing these embedded IoT systems? firstly, we need to ensure this, security is, embedded at each stage of this development life cycle from the design phase to the deployment to post deployment to maintenance stage. So we need to continuously conduct regular threat modeling and risk assessments at every given time of this development stage, the development cycle. Also, we should ensure we use, secure communication protocols the HTTPS and TLS, other secure protocols. Then, we should try and integrate security testing into our CI CD pipeline for faster vulnerability detection. like we said, DevOps responds fast. It detects, Threats and vulnerabilities early, so we should try and, while implementing this DevOps approach to securing this embedded IoT system, we should try and integrate security testing into our CID pipelines for faster vulnerability detection. lastly, we should develop clear actionable protocols for responding to this, to security incidents. So by also doing this, practice, we could secure our embedded IoT systems. Now, what are the key takeaways for designers, for systems engineers, for, DevOps, engineers as well, or professionals? So the first one is we should embed security early. So from the design phase to development phase, we should Try and embed the security early to mitigate this risk. Also, we should implement continuous integration and continuous delivery, practices for hardware security. Then we could use, the regular monitor and patch devices, after deployment to maintain security. So even after we've done that. After the deployment, we should also regularly monitor our partial devices for vulnerabilities. Then, lastly, we should continuously adopt these, security, strategies, continuously try and, come up with ideas, innovative ideas to drive greater use, user trust of this event. Like I said, while there's an increase in the use of these devices, we need to, increase the, We need to increase the trust of you to increase security, thereby gaining greater user trust and diverse scalability. So as I conclude today, why there is an increase in the use of this IoT and embedded systems. We need to, try and use the DevOps approach to, increase our security as DevOps tends to, tends to automate its response to attacks. I've also run over this early. It's something with a response fast, by applying this DevOps approach, we thereby, prioritize security and build trust. We also drive scalability and ensure a safer future for everyone. Thank you.