New ENISA study looks at Internet of Things threat to critical information infrastructures
- Published: Tuesday, 21 November 2017 11:25
The EU Cybersecurity Agency, ENISA, has published a report on the security of the Internet of Things (IoT) and the potential impact on critical information infrastructures. The study, entitled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders.
ENISA defines IoT as ‘a cyber-physical ecosystem of interconnected sensors and actuators, which enables intelligent decision making’. With a great impact on safety, security and privacy, the IoT threat landscape is extremely complex. Therefore, it is important to understand what exactly needs to be secured and to implement specific security measures to protect the IoT from cyber threats. This is particularly important in the context of ICT systems, which are either critical infrastructures themselves or essential for the operation of critical infrastructures. The ENISA report provides IoT experts, developers, manufacturers, decision makers and security personnel with a guide to good practices and recommendations on preventing and mitigating cyber-attacks against IoT.
The report recognises that IoT is entering all aspects of life, so there is a need for a strong holistic approach. Requirements are to:
- Promote harmonization of IoT security initiatives and regulations;
- Raise awareness of the need for IoT cybersecurity;
- Define secure software and hardware development lifecycle guidelines for IoT;
- Achieve consensus on interoperability across the IoT ecosystem;
- Foster economic and administrative incentives for IoT security;
- Establish secure IoT product/service lifecycle management;
- Clarify liability among IoT stakeholders.
ENISA’s future work in the field will be focused on enhancing the security and resilience of IoT in Europe, engaging all relevant key stakeholders and providing studies and knowledge to face the upcoming challenges. The baseline security requirements for IoT in critical infrastructures presented in this report can serve as a foundation for further efforts towards a harmonised EU approach to IoT security.