Baseline Security Recommendations for IoT

In the context of Critical Information Infrastructures

The Internet of Things (IoT) is a growing paradigm with technical, social, and economic significance. For ENISA, IoT is an emerging concept comprising a wide ecosystem of interconnected services and devices, such as sensors, consumer products and everyday smart home objects, cars, and industrial and health components. These technologies collect, exchange and process data in order to dynamically adapt to a specific context, transforming the business world and the way we live as a whole. IoT is tightly bound to cyber-physical systems and, in this respect, safety implications are pertinent.

Nevertheless, IoT poses very important safety and security challenges that need to be addressed for IoT to reach its full potential. Many security considerations regarding IoT are not necessarily new; they are inherited from the use of networking technologies. However, the characteristics of some IoT implementations present new security challenges, threats and risks that are manifold and evolve rapidly. The protection of IoT deployments depends on the protection of all systems involved (the devices themselves, cloud backend and services, applications, maintenance and diagnostic tools, etc.).

Addressing these challenges and ensuring security in IoT products and services is a fundamental priority. One of the main concerns is the impact that the different threats may have, since attacks on IoT deployments could dramatically jeopardise people’s security, privacy and safety, while IoT itself can also be used as an attack vector against other critical infrastructures. Also, since IoT can drastically change the ways personal data is collected, analysed, used, and protected, privacy concerns have been raised. These need to be addressed to ensure user trust and confidence in the Internet, connected devices, and related services. However, beyond technical security measures, the adoption of IoT has raised many new legal, policy and regulatory challenges, broad and complex in scope, that remain unanswered, while at the same time amplifying some existing issues. The rapid rate of change in IoT technology has outpaced the ability of the associated policy, legal, and regulatory structures to adapt, leaving no clear security framework to follow. This has led most companies and manufacturers to take their own approach when designing IoT devices, causing interoperability issues between devices from different manufacturers, and between IoT devices and legacy systems.

For these reasons, ENISA is defining a set of Baseline Security Recommendations for IoT. The aim of this work as reported here is to provide insight into the security requirements of IoT, mapping critical assets and relevant threats, assessing possible attacks and identifying potential good practices and security measures to apply in order to protect IoT systems.

As a result of this work, after taking into consideration all the background research carried out, the views expressed by the experts interviewed, and the good practices and security measures identified, a series of recommendations has been developed, namely:

  • Promote harmonization of IoT security initiatives and regulations
    • Intended for IoT industry, providers, manufacturers, associations
  • Raise awareness of the need for IoT cybersecurity
    • Intended for IoT industry, providers, manufacturers, associations, academia, consumer groups, regulators
  • Define secure software/hardware development lifecycle guidelines for IoT
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Achieve consensus for interoperability across the IoT ecosystem
    • Intended for IoT industry, providers, manufacturers, associations, regulators
  • Foster economic and administrative incentives for IoT security
    • Intended for IoT industry, associations, academia, consumer groups, regulators
  • Establish secure IoT product/service lifecycle management
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Clarify liability among IoT stakeholders
    • Intended for IoT industry, regulators
