Categories: Security

EU Pushes IoT Security Regulations

The European Commission has said it is planning to push industry governance measures that would improve the security of Internet-connected devices such as cameras, set-top boxes and other consumer electronics, amidst increasing exploitation of such devices to carry out online attacks.

Speaking at a conference in Brussels, a senior Commission official said the body wants to take the measures to ensure consumers continue to trust Internet-connected products.

Certification scheme?

Thibault Kleiner, deputy head of cabinet for Commission digital policy commissioner Günther Oettinger, said the body wants to see the creation of a certification process for “Internet of Things” devices that would ensure users are protected.

“That’s really a problem in the Internet of Things. It’s not enough to just look at one component. You need to look at the network, the cloud. You need a governance framework to get certification,” Kleiner said, according to a report by news outlet EurActiv.

He said such a scheme could be comparable to the European energy-consumption labelling scheme, which was implemented by an EU directive in 1992 and covers products such as white goods, light bulbs and automobiles.

But he acknowledged some hardware manufacturers consider such a scheme unworkable and instead want to see the development of a standardised SIM card-like component that would be used in connected electronics to ensure security.

IoT botnets

Currently most connected devices include minimal security protections, allowing hackers to infiltrate them en masse and assemble them into powerful botnets directing malicious traffic to knock websites offline.

The users of such compromised devices would in most cases be unaware that the product was being misused, according to computer security researchers.

The Commission has begun to organise its efforts around IoT, including setting up a group called the Alliance for Internet of Things Innovation last year backed by large firms in industries including energy, automotive and health care.

But there are already around 6 billion connected devices in use around the world, a figure expected to rise to 20 billion by 2020, according to consultancy Gartner.

Insecure devices

The IoT security issue made headlines last month month when a botnet made up of compromised devices was used in an attempt to disable popular IT security website Krebs On Security.

The attack was carried out on a scale rarely seen before, even in incidents involving more conventional botnets made up of PCs, according to Akamai, the Internet management service that dealt with the attack.

Bruce Schneier, a well-known computer security researcher, said last week the attack shows regulation is necessary.

“What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem,” he said in an editorial on IT publication Motherboard. “The government could impose security regulations on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

8 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

10 hours ago