
ENISA Position Paper Pushes ‘Trust Label’ For IoT Devices

ENISA, the EU Agency for Network and Information Security, has produced a position paper in support of a security labelling scheme for connected devices that would be similar to the CE marking system.

The paper, developed by semiconductor makers ST, NXP and Infineon with ENISA’s support, is the next step toward mandating better security for connected devices such as web cameras and television set-top boxes, whose poor protections have led to their increasingly frequent use by hackers in disruptive cyber-attacks.

IoT trust label

“The development of European security standards needs to become more efficient and/or adapted to new circumstances related to Internet of Things (IoT),” ENISA stated on Monday.

“Based on those requirements, a European scheme for certification and the development of an associated trust label should be evaluated.”

The policy paper outlines an approach to standardisation and certification, security processes and services, security requirements and their implementation, and the economic dimensions of such a scheme.

It proposes minimum standards for all connected devices, from the simplest gadgets up to complex systems such as connected cars and factories, which would be made mandatory in order to guarantee the same requirements for all industry players.

Higher-level sector- or application-specific security levels could then be developed building on the baseline requirements, the paper suggested.

“Currently there is no basic level, no level zero defined for the security and privacy of connected and smart devices,” the paper reads. “There are also no legal guidelines for trust of IoT devices and services and no precautionary requirements in place.”

The US Federal Trade Commission and Ofcom have both suggested that industry improve the security of connected devices, but the FTC has taken a position against regulation, a stance reiterated at a meeting of computer security professionals at Nasdaq on Monday, while Ofcom has only said it would “work with relevant organizations… to identify and explore solutions”.

ENISA expansion

ENISA is currently campaigning for a broader role for the agency ahead of an organisational review by the European Commission scheduled for September and the renewal of its mandate in 2020.

During the recent WannaCry ransomware outbreak ENISA organised a cross-EU task force, reporting regularly to the Commission and liaising with the EU CSIRT Network, an initiative it described as “the first ever case of cyber cooperation at EU level”.

In a February document outlining its case for a broader mandate, ENISA cited the Mirai botnet – which made use of thousands of hacked connected devices – as an example of the increasing volatility of the online world and the kind of threat requiring a stronger response.

“Crime, espionage, sabotage and even international conflicts move from the so-called real world into the virtual cyber world,” wrote ENISA executive director Udo Helmbrecht in the paper’s foreword.

“Today, more than ever, there is a place for a European body such as ENISA to be positioned with a cyber-security mandate that is resourced to address the cyber challenges of today and tomorrow,” he said in a separate statement.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
