Security and the Transformation of the Embedded Software Engineer

An article by Jacob Beningo that appeared recently in Design News caught my eye and raised an interesting question. The main premise of the article, “The Soon-to-Be-Extinct Embedded Software Engineer,” was that “embedded software engineers of the future will have a very different skillset from their traditional predecessors. They’ll know how to call an API to make the hardware do something, but they won’t know why or how it does it.”

One of the main drivers of this transformation is the IoT, where the push to connect every device to the Internet is creating an unprecedented demand for embedded software engineers. As a result of this demand, companies are finding themselves shorthanded when it comes to the availability of embedded software developers. For expediency, instead of training new engineers, companies are turning to application developers who have experience with Windows applications or mobile devices but have little understanding of low-level hardware.

Mr. Beningo goes on to say that “future embedded software engineers will not be masters of bits and bytes like their predecessors, but rather will have high-level application development skills. Hence, they will know how to call an API to make the hardware perform a function, but not necessarily why or how it does it.” He concludes that rapid innovation often allows teams that might otherwise have been lacking critical skills to still be successful. However, the need for knowledge offered by the traditional embedded software engineer is still required to bridge the gap between the hardware and the new embedded application developers.

As I alluded to earlier, the article raised an important question for me: where does the software security skillset fit in the transformation to the new breed of embedded application developers? As Mr. Beningo noted, the development of software-driven IoT devices is a main driver of this transformation and putting companies under extreme pressure to commercialize connected devices rapidly. At the same time, the proliferation of cyberattacks and threats to IoT devices and data has emphasized the critical need to design in software protection mechanisms to thwart these attacks. Even more concerning is that many of these attacks go beyond merely causing inconveniences, performance snags, or confusion, but jeopardize human safety.

Under the increasing cloud of cyberthreats, the question is who owns the security by design approach required for intelligent device development – the traditional embedded software engineer or the new breed of application developer applying their skills to embedded systems? Who is best equipped to implement code encryption, integrity protection, secure boot and all of the other critical security mechanisms required to protect these devices?

Many companies are relieving their internal developers and software engineers of the mounting pressure of understanding all of the nuances of software security by turning to experts like Wibu-Systems to work with them to integrate established and tested protection mechanisms into their software. This approach allows their own software engineers to focus on what they know and do best. Many of the key concerns of IoT device security and proven approaches to address the issues are covered in this whitepaper, Licensing and Security for the IoT, which can be readily downloaded. Knowledge of these software protections and partnerships with those who understand how best to implement them will go a long way towards empowering the next generation embedded software engineer to develop safe and secure IoT devices.