ENISA lays out IoT security proposal
- Auteur:Ella Cai
- Relâchez le:2017-05-24
The paper focuses on four areas: standardisation and certification, security processes and services, security requirements and implementation, and the economic dimensions.
The paper identifies key challenges and recommendations identified for the European Commission to:
‘A European scheme for certification and the development of an associated trust label should be evaluated,’ says ENISA, ‘to ensure that reliable security processes and services are being developed to support industry in implementing security features in their products to encourage the development of mandatory staged requirements for security and privacy in the IoT, including some minimal requirements. These common principles should be considered in future revisions and new legislative initiatives.’
“Trusted solutions and a common defined level for the security and privacy of connected and smart devices is both recommended and needed, to allow Europe to reap the benefits of soon to become ubiquitous technologies,” says ENISA’s Executive Director Udo Helmbrecht, “as such, standardisation and certification have been identified as a priority, to accelerate the level playing field for the entire industry and reflect the trust of citizens, consumers and businesses in the connected environment”.
Furthermore, ENISA is working alongside the Commission and cooperates with the recently formed cPPP (contractual Public-Private Partnership) in order to define a roadmap on NIS Certification, and looks forward to supporting the Commission in the NIS Certification policy area.
The paper identifies key challenges and recommendations identified for the European Commission to:
‘A European scheme for certification and the development of an associated trust label should be evaluated,’ says ENISA, ‘to ensure that reliable security processes and services are being developed to support industry in implementing security features in their products to encourage the development of mandatory staged requirements for security and privacy in the IoT, including some minimal requirements. These common principles should be considered in future revisions and new legislative initiatives.’
“Trusted solutions and a common defined level for the security and privacy of connected and smart devices is both recommended and needed, to allow Europe to reap the benefits of soon to become ubiquitous technologies,” says ENISA’s Executive Director Udo Helmbrecht, “as such, standardisation and certification have been identified as a priority, to accelerate the level playing field for the entire industry and reflect the trust of citizens, consumers and businesses in the connected environment”.
The common position was developed by Infineon, NXP, and STMicroelectronics, supported by ENISA. The Agency aims at working further with industry and seeks the support of more actors in the semi-conductor and chip-product manufacturer field, application and service providers.
Furthermore, ENISA is working alongside the Commission and cooperates with the recently formed cPPP (contractual Public-Private Partnership) in order to define a roadmap on NIS Certification, and looks forward to supporting the Commission in the NIS Certification policy area.