Today, the EU Cybersecurity Agency ENISA publishes a report on the Security of the Internet of Things (IoT).
The study, titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders.
Security recommendations crucial for functionality
ENISA defines IoT as “a cyber-physical ecosystem of interconnected sensors and actuators, which enables intelligent decision making”. IoT brings the smart element into every aspect of Europeans’ lives, from smart cars and wearables to smart grids and infrastructures. The threats and risks related to IoT devices, systems and services are growing, and new attacks are covered by the media every day.
“The deployment of IoT will be key to our smart cities, smart airports, smart health and smart X. It is envisaged that IoT will be deployed everywhere and will have a positive impact on our lives. The deployment of baseline security recommendations into our IoT ecosystem will be critical to the proper function of these devices by mitigating and preventing cyber-attacks,” said Prof. Dr. Udo Helmbrecht, Executive Director of ENISA.
Extremely complex landscape
With a great impact on citizens’ safety, security and privacy, the IoT threat landscape is extremely complex. Therefore, it is important to understand what exactly needs to be secured and to implement specific security measures to protect the IoT from cyber threats. This is particularly important in the context of ICT systems, which are either critical infrastructures themselves or essential for the operation of critical infrastructures.
The ENISA report provides IoT experts, developers, manufacturers, decision makers and security personnel with a guide to good practices and recommendations on preventing and mitigating cyber-attacks against IoT.
Following a horizontal approach, ENISA’s report aims to define a common background between particularities of diverse, vertical IoT application areas with a focus on critical infrastructures. The report builds on the expertise and insight previously gained by ENISA through its sectorial studies on smart infrastructures such as smart homes, smart cities, intelligent public transport, smart cars, smart airports and eHealth (available on ENISA’s website).
The recommendations of the report are meant to be of use to all actors involved, from the European Commission and governments to the IoT industry, providers, operators, manufacturers and consumers’ associations.
IoT is entering into all aspects of life, so there is a need for a strong holistic approach and to:
Promote harmonization of IoT security initiatives and regulations;
Raise awareness of the need for IoT cybersecurity;
Define secure software and hardware development lifecycle guidelines for IoT;
Achieve consensus on interoperability across the IoT ecosystem;
Foster economic and administrative incentives for IoT security;
Establish secure IoT product/service lifecycle management;
Clarify liability among IoT stakeholders.
ENISA’s future work in the field will be focused on enhancing the security and resilience of IoT in Europe, engaging all relevant key stakeholders and providing studies and knowledge to face the upcoming challenges. The baseline security requirements for IoT in critical infrastructures presented in this report can serve as a foundation for further efforts towards a harmonised EU approach to IoT security.