EC to introduce new security rules for IoT

new security rules for IoT

The European Commission is drafting new rules to govern the Internet of Things security.

The new plan, put forward by digital policy chiefs Günther Oettinger and Andrus Ansip, aims to protect machines from cyber security breaches and speed up internet connections.

Faster internet connections are said to make IoT devices more vulnerable to attack, and the EC is proposing a multi-pronged certification process to guarantee privacy.

Thibault Kleiner, Oettinger’s deputy head of cabinet, says the EC needs to consider the complexity of the IoT when it formulates policy.

“That’s really a problem in the internet of things. It’s not enough to just look at one component. You need to look at the network, the cloud. You need a governance framework to get certification,” said Kleiner.

New security rules for IoT Click To Tweet

Billions in the making 

According to Gartner, there are currently around 6 billion internet-connected devices currently in use around the world, and this is expected to increase to 20 billion by 2020.

Source: IC Insights

Already a large ecosystem, the IoT could prove to be a massive headache for cyber security professionals.

In a speech given at the recent IP Expo, Jean Turgeon, chief technologist at Avaya, said: “We’ve lost control of what enters the network.”

Avaya is promoting its idea of the “everywhere perimeter”, which means the entire internet is now the network for every enterprise.

Necessary skills  

The lack of vendor experience and shortage of skilled security engineers means the internet of things remains a challenging environment for tech professionals.

This is according to the Cloud Security Alliance, an industry group which released a report into the subject, providing a number of security guidelines.

CSA says Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products was created to help designers and developers of Internet of Things (IoT) related products and services understand the basic security measures that must be incorporated throughout the development process.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” said Brian Russell, chair IoT working group and chief engineer, cyber security solutions with Leidos.

“However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups.

“We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”