Over the last years the number of devices that are connected to the internet increased rapidly. With that the attacks on such devices has increased tremendously. Examples are attacks on Chrysler and Daimler vehicles, VoIP phones and infrastructure. At the same time, the standards and regulations for developing and operating these system became more established and developed further. Depending on the market of a product there are a lot of regulations to be fulfilled.
Here are some examples: Industrial ISA / IEC 62443, NIST 8259, Consumer ETSI 303 645, Automotive ISO / SAE 21434, all markets 2020 IoT Cybersecurity Act.
More regulations like RED Directive Cybersecurity Enforcement in the EU are discussed and shall be active in 2024.
Some details from RED (Radio Equipment Directive) Cybersecurity Enforcement:
- 3.3 d: radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service.
- 3.3 e: radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.
- 3.3 f: radio equipment supports certain features ensuring protection from fraud.
Cyber Security for Consumer Internet of Things
- No universal passwords.
- Means to manage reports of vulnerabilities.
- Software update capability.
- Securely store sensitive parameters.
- Communicate securely.
- Minimized exposed attack surfaces.
- Ensure Software Integrity.
- Ensure personal data is secure.
- Make systems resilient to outages.
- Examine system telemetry data.
- Make it easy to delete user data.
- Make installation and maintenance of devices easy.
- Validate input data.
One of the main goals of all these regulations is to build up more security inside of IoT devices and to highlight the responsibility of the producer. With that the focus shifts from usage and processing of data in a centralised system like a cloud-based solution to the device itself.
How to prepare:
- For new products, security by design.
- Implement a layered security approach: defence in depth.
- Start with a secure root of trust at the processor level and build up.
- Secure boot secure data secure communications > secure update.
- Establish a process to track and share vulnerabilities.
- Create a Software Bill of Materials (SBOM).
- Protect personal data.
- Have a secure software update process.
Would you like to learn more about how I/O.nite helps you make the right decisions, transform your business and actively shape the future?
E-Mail our experts: firstname.lastname@example.org