Security and the Internet of Things (IoT) are an ‘explosion waiting to happen’, according to Prof Dr Udo Helmbrecht, Executive Director, European Union Agency for Network and Information Security, ENISA. He told a Berlin conference on the ‘Digital Society’: “IoT entails a market-driven ecosystem, where functionality and low cost rather than security and safety seen as the main drivers. I believe this is an explosion waiting to happen and, when it does, end users will cry about the lack of security and privacy by design.”
He spoke of cyber-security as a challenge; but it also presents an opportunity, ‘to promote a new generation of products and services that incorporate security and privacy by design’, he said. The European Union proposes cyber-security certification, as a voluntary framework that builds on national certification schemes and aims to enhance trust and confidence in the digital products and devices.
On the IoT, he said that ENISA set up an IoT Expert Group that aims at giving initial advice before the end of 2017. He raised the question of legal liability and the IoT. For example, how would an autonomous driving vehicle be programmed to react to a potential head on collision with another vehicle? “Will the vehicle maintain its path or will it swerve to avoid a collision but potentially putting other road users at risk?”
He spoke also of incorporating cyber security in all stages of the lifecycle of products and services. “The NISD [EU Network and Information Security Directive] and GDPR [EU General Data Protection Regulation, each due to come into force in 2018] have to be implemented and interpreted in the light of the IoT development and deployment. IoT standardisation and certification of products are currently lagging behind demand.”
As he stressed, regulation, certification or standardisation are not keeping up with technology.
For the speech in full visit the ENISA website. Dr Helmbrecht is among the ‘cyber threat intelligence’ speakers invited to the Security and Counter-Terror Expo (SCTX) at London Olympia on March 6 and 7.
Recently ENISA published a report on the Security of the Internet of Things (IoT). You can download ‘Baseline Security Recommendations for IoT’ at https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot.
