
Smart, connected manufacturing plants are becoming more sophisticated than ever, given the numerous benefits of improved products, lower costs, more predictability, safer work environments, and deeper analytics for better decision-making.
Industrial Edge computing offers a distributed framework that brings factory and enterprise applications closer to data sources, including sensors, cameras, IoT gateways, edge servers, and more.
The proximity to data at its source in near real-time has proven to render faster insights, improved response times, better bandwidth management, and increased security.
Interoperability and collaboration intensify the diversity at the edge and lead to completely new security challenges. For this reason, many organizations are turning to open-source software foundations to help foster interoperability and enable them to focus on value-add. An open-source mindset and community-based initiatives, such as the Linux Foundation’s Margo, EdgeX Foundry, and Zephyr projects, are helping participants navigate a world where everything needs to be not just connected, but interconnected and secure, to optimize processes and outcomes while managing risk.
“The key to scaling secure Industrial Edge computing is to extend lessons we’ve learned in the cloud to the physical world. Developers need a straightforward way to build and manage modular software while implementing an appropriate zero-trust security model,” said Jason Shepherd, CEO of Atym. “At Atym, we’re collaborating in the Ocre project and the broader open-source community to foster open, sustainable infrastructure that enables data scientists and software developers to quickly add, manage, and secure their distributed edge apps without ever going on-site to fix or improve the software.”
Atym is a software company offering a WebAssembly-based container solution that enables developers to develop, deploy, and manage modular applications for billions of resource-constrained edge devices. The solution is focused on devices that don’t have the resources to support traditional data center technologies like Linux, Docker, and Kubernetes, while providing an experience that is familiar to cloud engineers. The solution is built on an open-core model that leverages the Ocre device runtime from the Linux Foundation.
“Too often in the past, technologies have been developed and implemented with security as an afterthought but, in our case, we look at security starting in silicon and how our enabling orchestration infrastructure fits into the full stack, making sure it is part of the DNA of what we offer,” Shepherd said. “We build upon the security benefits provided by WebAssembly’s open technologies mindset and standards for compatibility and scalability and are looking at the alchemy of IT technologies, including virtualization and containerization and OT systems with security that ensures industrial edge computing frameworks are at a zero-trust level.”
Embedded edge devices are deployed in the physical world – spanning locations from factory floors and retail stores to energy infrastructure and homes. These locations often lack a well-defined security perimeter, enabling attackers to tamper with devices physically. The devices may also be deployed on untrusted networks the manufacturer does not own.
For all these reasons, a robust zero-trust security policy is a necessity for embedded edge devices. A “zero-trust” approach means that all users, devices, and networks are inherently untrusted and that access is explicitly granted based on policy. This requires design considerations for both devices and supporting management tools.
“The aim of Enterprise Digitalization is to enhance operational efficiency, extract value-driven data from IoT/OT devices, and enable IT/OT convergence, which demands security, availability, scalability, and interoperability,” said Srinivas Kumar, CEO of Symmera, a startup that simplifies network security for complex OT/IT networks by enabling two-factor authentication with trusted identifiers for devices on existing infrastructures.
“Implementing digital trust in applications and data requires simplification for application developers, device manufacturers, and end-user field operators,” Kumar explained. “We believe in the importance of zero trust and open standards, and as such, are collaborating with the Margo alliance to define open reference architecture and interfaces for device orchestration.”
Shepherd noted that, with the rising threat to industrial systems from increasingly professional and state-sponsored cyberattacks, the security aspect continues to rise in importance. Flexible application management using virtualization and containerization can contribute to security, which IT and OT teams collectively embrace.
“The challenges to achieving secure and efficient system management at the industrial edge, including within a cloud-enabled industrial infrastructure, and the stakes will only grow higher with the adoption of more and more AI-driven applications,” Shepherd explained.
“Cybersecurity is especially challenging for embedded devices because they often don’t have sufficient hardware resources to protect themselves, lack robust authentication mechanisms, are physically accessible, run on untrusted networks, and are often inadequately tested due to resource limitations,” he added. “Compounding these challenges is that they are typically deployed across geographically diverse areas, which greatly increases the attack surface.”
Today, 99% of MCU-based devices are powered by firmware written in C/C++. These programming skills can be hard to come by, and development cycles are complex and lengthy. The required investment has resulted in widespread legacy codebases that are especially vulnerable to exploits.
“Further complicating security (and performance) is that MCUs don’t have Memory Management Units (MMUs), meaning a single compromise in firmware provides attackers with access to the entire memory footprint,” according to Shepherd. “MPUs help but are limited in what they can do and are complicated to develop for.”
Complexity is also driven by the heterogeneity of embedded edge devices compared to server, PC, and mobile hardware running Windows, Android, iOS, and Linux. MCU-based devices have wildly different silicon architectures with different tool sets and operating systems.
According to a report by Fortune Insights, the global edge computing market was valued at $10.11 billion in 2023. The market is projected to grow from $13.66 billion in 2024 to $181.96 billion by 2032, exhibiting a CAGR of 38.2% during the forecast period.
“When we combine the growth of edge applications, especially in the Industrial Edge computing and Industrial IoT worlds, it’s critical to think through the security layers and to address the particular challenges that come along with small, resource-constrained devices,” Shepherd summarized. “Until we do, developers will not be able to maximize their applications in a way that assures buyers that the gains they make through more automation will not be earned at the expense of a cyberattack.”
Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.
Edited by Erik Linask