The Internet of Things (IoT) allows unprecedented interconnectivity for consumers and, unfortunately for those consumers, for hackers as well.
The European Union Agency for Network and Information Security (ENISA) recently released a report that provides insight into the security requirements of IoT and recommends good practices for preventing and mitigating cyber-attacks against IoT systems. The report even includes examples of IoT cyber security attack scenarios.
The report made 7 high-level recommendations to improve IoT security:
- Promote harmonization of IoT security initiatives and regulations;
- Raise awareness of the need for IoT cybersecurity;
- Define secure software and hardware development lifecycle guidelines for IoT;
- Achieve consensus on interoperability across the IoT ecosystem;
- Foster economic and administrative incentives for IoT security;
- Establish secure IoT product/service lifecycle management; and
- Clarify legal liability among IoT stakeholders.
Some of the specific security measures and good practices identified by ENISA come as no surprise. However, because IoT has emerged so recently, there are significant gaps in security implementation and knowledge. Maybe if some vendors spent a little bit of time on that last point – i.e. working out they might get sued – then some of the other steps might follow!
Given the close relationship between digital and physical systems, and the rapid growth of the industry, the report argues convincingly that ensuring security in IoT products and services is a fundamental priority.
You can read ENISA’s report here.
Harry Crawford contributed to this post.