Cooperation across different sectors and among different stakeholders is key to securing the internet of things (IoT) a meeting of stakeholders has concluded.
This is one of eight conclusions drawn from a conference of representatives from the private sector, security community, law enforcement, the European Computer Security Incident Response Teams (CSIRT) community and academia.
The conference was hosted by Europol and Enisa, which have joined forces to tackle the security challenges presented by a wide and diverse ecosystem of up to 20 billion interconnected devices by 2010 and services that collect, exchange and process data to adapt dynamically to a context.
Europol and Enisa believe it is important to understand how these connected devices need to be secured, and to develop and implement adequate security measures to protect the internet of things from cyber threats.
Beyond technical measures, they note that the adoption of IoT has raised many new legal, policy and regulatory challenges, which are broad and complex in scope.
The risk of criminals “weaponising” insecure IoT devices was already identified in the 2014 and 2015 editions of Europol’s Internet organised crime threat assessments (IOCTAs) and in Enisa’s 2016 Threat landscape report.
According to Europol and Enisa, it must be assumed that cyber criminals will develop new variants and enlarge the variety of IoT devices affected by this type of malware.
Europol’s executive director Rob Wainwright said cyber criminals are quick to adapt to and exploit new technologies.
“They come up with new ways to victimise and affect people’s lives and invade their privacy, either by collecting or manipulating personal data or by virtually breaking into smart homes,” he said.
“The internet of things is not only here to stay, but expected to significantly expand as more households, cities and industries become connected.
“Insecure IoT devices are increasingly becoming tools for conducting cyber criminality. We need to act now and work together to solve the security challenges that come with the IoT and to ensure [we reach] the full potential,” he said.
Enisa’s executive director Udo Helmbrecht said the IoT revolution is beginning to transform people’s lives and the infrastructures that we use on a regular basis, such as smart homes, smart energy and smart health.
“Manufacturers and operators of these devices need to ensure that security by design has been incorporated into their selection and their deployment,” said Helmbrecht.
“Enisa is pleased to be working closely with Europol to inform key stakeholders of the important role that the IoT is taking on, and the need to be aware of the cyber security and criminal aspects associated with deploying and using these devices.”