Estonian Free Press
Internet of Things is missing horizontal cybersecurity standards

September 8, 2021

A report released by trade association DigitalEurope on Wednesday (8 September) underlined the lack of baseline cybersecurity requirements, saying the existing rules were insufficient and calling for horizontal regulation as the EU is working on updating its cybersecurity legislation.

Vulnerability to cyberattacks is growing, as the number of devices connected through the Internet of Things (IoT) in people’s homes and everyday lives rapidly increases.

A recent test by ethical hackers at Euroconsumers found that an alarmingly high number of commonplace smart home devices such as WiFi routers, baby monitors and alarm systems suffer from serious weaknesses, leaving them susceptible to what could be very sensitive breaches.

According to DigitalEurope’s report, however, existing product legislation falls short when it comes to addressing cybersecurity.

“Because its scope and conformity assessment methods are generally designed to address physical product functions, existing product legislation cannot properly address administrative or organisational aspects, which are more prominent and common to more types of devices,” it said.

In December last year, as part of its new EU Cybersecurity Strategy, the European Commission launched a proposal to revise the cybersecurity standards set in the Network and Information Security (NIS) Directive, the first EU-wide legislation on the topic.

The new legislation, so-called NIS2, is intended to strengthen and expand upon its predecessor in regulatory scope and volume, responding to a general rise of cyber threats but also to growing vulnerability caused by the pandemic-induced increase in dependence on network and information services.

The current state of cyber resilience is a “vicious circle” of dealing with consequences and mitigating threats that risks “undermining trust in the digital ecosystem and preventing us from taking full advantage of technology”, Klara Jordan, chief public policy officer, CyberPeace Institute, warned at a recent cybersecurity conference.

Harmonised and horizontal measures 

The experts surveyed for DigitalEurope’s report overwhelmingly cautioned that cybersecurity should not direct its focus wholly, or primarily, towards product-related features such as passwords, emphasising instead that in order for protections to be sufficient, organisational requirements must be accounted for. 

The report notes that current EU product rules are based on physically verifiable factors such as a product’s electrical properties or the materials it is built with, which cannot be adequately applied to something intangible like cybersecurity.

Another issue is the fact that verification currently occurs at the moment a product is placed on the market, without leaving room for continuous monitoring throughout its lifecycle, something which is necessary to stay ahead of evolving cybersecurity threats and vulnerabilities.

Given the high proportion of common product and organisational baseline cybersecurity requirements, those consulted by DigitalEurope agreed that defining these requirements for connected devices is crucial to ensuring their overall security.

Putting in place horizontal regulation in this area, the report said, is a key way to ensure a sufficient link between legislation and standards, and to harmonise requirements between different products and in different areas. Existing product legislation, it cautioned, is insufficient.

Bart Groothuis, the rapporteur for the NIS2 directive, told EURACTIV that the kind of horizontal legislation called for in the report was much needed, but did not fit within the current NIS2 proposal, an issue he said he had raised with the Commission on a number of occasions.

“The EU Cybersecurity Strategy would be incomplete without such horizontal legislation”, he said. “The Commission should launch proposals in the shortest possible time frame.”

If existing product legislation is used to address cybersecurity, DigitalEurope said, it should be limited to basic requirements and repealed once horizontal regulations entered into force.

Hackable Homes

The research by Euroconsumers demonstrates how these risks could impact consumers on a very personal level.

As part of their “Hackable Home” project, two ethical hackers tested 16 widely available smart home devices made by both well- and lesser-known producers and discovered 54 vulnerabilities overall. In 10 of the devices trialled, at least one of the weaknesses detected was classed as “high severity” or “critical”. 

“The results are alarming,” Els Bruggeman, Euroconsumers’ Head of Policy and Enforcement said. “Manufacturers must do more. This is crucial to create consumer trust that will allow the whole Internet of Things ecosystem to flourish. If it isn’t safe and secure, it isn’t going to happen.” 

The findings echo concerns raised by other groups and experts over the potential risks found in many smart devices currently on the market. In many cases, passwords prove the weak point, especially where devices arrive from the factory with default login details that users often do not go on to change.

A study by UK-based consumer group Which? earlier this year detected 2,435 malicious attempts to log into devices with weak default usernames and passwords in a fake “smart home” over the course of just one week. 

[Edited by Luca Bertuzzi/Zoran Radosavljevic]
