In November 2017, the European Union Agency for Network and Information Security (ENISA) published “Baseline Security Recommendations for the Internet of Things in the context of critical information infrastructures”. The main aim of the study is to offer IoT security advice for organizations in Europe by taking into consideration factors such as the complexity of critical assets, existing cyber threats and solutions for the protection of systems such as IoT. Kaspersky Lab, as a member of the ENISA IoT Security Experts Group (IoTSEC), was involved in the creation of the report by providing expert recommendations.
According to Kaspersky Lab research, incidents involving non-computing connected devices are among the top-3 incidents with the most severe financial impact, both for SMB and enterprise organizations. To respond to today’s growing prevalence of IoT threats and consolidate industry cybersecurity expertise, ENISA has gathered a group of first-rate panelists from some of the leading market players, including Kaspersky Lab experts, to prepare expert advice for the protection of critical infrastructure. Within the ‘Baseline Security Recommendations for IoT’ report, the agency has issued policy measures for EU institutions, IoT hardware manufacturers and software developers.
“Kaspersky Lab has vast expertise in the field of critical infrastructure security. We believe that our contribution to ENISA’s IoT security recommendations will help organizations develop more efficient cybersecurity strategies and help policy makers establish highly relevant regulations to fully face up to modern cyber threats,” added Andrey Doukhvalov, Head of Future Technologies, Chief Strategy Architect, Kaspersky Lab.
Kaspersky Lab IoTSEC experts shared their recommendations on two fronts – for EU policy-makers and IoT hardware and software developers. In terms of the key security considerations for EU policy-makers, Kaspersky Lab experts recommend the following:
- Focus on sector-specific recommendations, guidelines and certification requirements rather than on holistic approaches;
- Standardize across the EU and deliver EU-wide IoT terminology and taxonomy for international cybersecurity standards;
- Cooperate actively with industry and involve the private sector in policy-making by using existing industrial associations and groups such as AIOTI;
- Establish a layered defense system against cybersecurity threats, as this is highly relevant for IoT devices.
For those who work directly with IoT systems, Kaspersky Lab experts advise that the following steps be taken to improve security:
- Ensure that all employees have up-to-date knowledge and skills in cybersecurity and that they are constantly tested;
- Ensure data interoperability with a reliable and automatic patching system. IoT hardware manufacturers and software developers need to adopt cyber supply chain risk management policies and communicate cyber security requirements to their suppliers and partners;
- Conduct a code review during the implementation process to reduce the number of bugs in the final version of a product, while also identifying any malware input or authentication bypass attempts.
The full list of advice for the protection of IoT critical infrastructures can be found in the ENISA study. To find out more about Kaspersky Lab’s Industrial Cybersecurity expertise, please visit https://ics.kaspersky.com/
The European Union Agency for Network and Information Security (ENISA) is a center of expertise for cyber security in Europe. The Agency is located in Greece, with its seat in Heraklion, Crete, and an operational office in Athens. The Agency works closely with Member States and the private sector to deliver advice and solutions. This includes the pan-European Cyber Security Exercises, the development of National Cyber Security Strategies, CSIRTs cooperation and capacity building, as well as studies on secure Cloud adoption, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, and identifying the cyber threat landscape, among others. ENISA also supports the development and implementation of the European Union's policy and law on matters relating to NIS.
Learn more at https://www.enisa.europa.eu/about-enisa.
About Kaspersky Lab:
Kaspersky Lab is a global cybersecurity company celebrating its 20-year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at https://www.kaspersky.co.uk/.