Categories: Security

EU Pushes IoT Security Regulations

The European Commission has said it is planning to push industry governance measures that would improve the security of Internet-connected devices such as cameras, set-top boxes and other consumer electronics, amidst increasing exploitation of such devices to carry out online attacks.

Speaking at a conference in Brussels, a senior Commission official said the body wants to take the measures to ensure consumers continue to trust Internet-connected products.

Certification scheme?

Thibault Kleiner, deputy head of cabinet for Commission digital policy commissioner Günther Oettinger, said the body wants to see the creation of a certification process for “Internet of Things” devices that would ensure users are protected.

“That’s really a problem in the Internet of Things. It’s not enough to just look at one component. You need to look at the network, the cloud. You need a governance framework to get certification,” Kleiner said, according to a report by news outlet EurActiv.

He said such a scheme could be comparable to the European energy-consumption labelling scheme, which was implemented by an EU directive in 1992 and covers products such as white goods, light bulbs and automobiles.

But he acknowledged some hardware manufacturers consider such a scheme unworkable and instead want to see the development of a standardised SIM card-like component that would be used in connected electronics to ensure security.

IoT botnets

Currently most connected devices include minimal security protections, allowing hackers to infiltrate them en masse and assemble them into powerful botnets directing malicious traffic to knock websites offline.

The users of such compromised devices would in most cases be unaware that the product was being misused, according to computer security researchers.

The Commission has begun to organise its efforts around IoT, including setting up a group called the Alliance for Internet of Things Innovation last year backed by large firms in industries including energy, automotive and health care.

But there are already around 6 billion connected devices in use around the world, a figure expected to rise to 20 billion by 2020, according to consultancy Gartner.

Insecure devices

The IoT security issue made headlines last month month when a botnet made up of compromised devices was used in an attempt to disable popular IT security website Krebs On Security.

The attack was carried out on a scale rarely seen before, even in incidents involving more conventional botnets made up of PCs, according to Akamai, the Internet management service that dealt with the attack.

Bruce Schneier, a well-known computer security researcher, said last week the attack shows regulation is necessary.

“What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem,” he said in an editorial on IT publication Motherboard. “The government could impose security regulations on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago