By Tony Hodgson
This is the second in a series of blog posts following the progress being made on the AREA’s first research project. Read the first installment here.
The topic of security in enterprise AR environments is both under-addressed and vital. Our cybersecurity team at Brainwaive is excited about the opportunity to work with the AREA to protect companies’ information and assets through this first-ever AREA-funded research project. The objective is to develop and popularize a reliable, repeatable means of assessing security when adopting AR headsets/glassware solutions in industrial/enterprise settings.
With several weeks of R&D behind us, the Brainwaive cybersecurity team is beginning to finalize the scope and structure of an AR Security Framework and Testing Protocol. While most of our initial focus is on security threats and the defensive posture of wearable AR devices themselves, it’s important to recognize that the headset or smart glasses are just one element in an end-to-end AR “solution stack.” The Security Framework will eventually address all the unique elements of the AR stack, including wireless networking, data gateways, cloud services, applications, and more. Additionally, full enterprise protection requires development and governance of sound use policies and procedures, and training to develop end-user competence with the systems.
From a security standpoint, wearable AR devices may seem to be similar to common mobile devices like smartphones and tablet computers. However, we’ve identified multiple important factors that make AR systems unique, and we’re mapping the new trust boundaries and roles of the users. The Brainwaive team will elaborate on these in the final report and in our presentation at the upcoming Augmented World Expo. Also, in this initial project, we’re focusing only on characterizing the inherent design characteristics of the wearable device hardware and software from a security perspective. In follow-on projects, we’ll perform active penetration testing to determine the robustness of device designs and their level of defense against malicious attacks.
Knowledge is power when it comes to protecting your enterprise assets from bad actors trying to break in and steal sensitive information or disrupt your operations. Employing the AREA AR Security Framework and Testing Protocol, enterprise users will be better equipped to select and use AR headset solutions providing the proper types and levels of security for their specific use cases.
Tony Hodgson is CEO of Brainwaive LLC.