ENISA publishes “Guidelines for Securing the Internet of Things”
The European Union Agency for Cybersecurity (ENISA) recently released the “Guidelines for Securing the Internet of Things”, which is a security guide covering the entire IoT supply chain, including hardware, software, and services throughout the IoT lifecycle: from demand and design to delivery, as well as maintenance and disposal. The Guidelines are designed to help IoT manufacturers, developers, integrators, and all stakeholders related to the IoT supply chain make better security decisions when building, deploying, or evaluating IoT technologies.
The IoT supply chain is currently facing various threats, from physical threats to cybersecurity threats. Organizations rely on third parties more than ever. Because organizations cannot always regulate and control the security measures of their supply chain partners, the IoT supply chain has become a weak link in cybersecurity.
EU Agency for Cybersecurity Executive Director Juhan Lepassaar stated: “Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services. Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT.”
During the formulation of the Guidelines on Securing the IoT Supply Chain, ENISA conducted an investigation and confirmed that untrusted third-party components and suppliers, as well as the vulnerability management of third-party components, are the two main threats to the IoT supply chain. The Guidelines analyze the different stages of the IoT development process, discuss the most important security considerations, identify good practices to consider at each stage, and provide readers with other related resources.