October 28, 2019

On 24 and 25 October 2019, ENISA and Europol met in Athens for the annual IoT Security Conference looking at the evolution of IoT security and how to implement adequate security measures.

ENISA says that the adoption of the Internet of Things and the emergence of AI have raised many new legal, policy and regulatory challenges, which are broad and complex in scope. Co-operation across different sectors and among different stakeholders is essential to address these challenges.

ENISA notes that over the last few years, prominent IoT attacks have made media headlines, such as the hacking of pacemakers and smart toys for children. Even AI algorithms have been manipulated, leading to erroneous decision-making, such as spoofing of traffic lights and false image recognition. With IoT technologies, the digital and the physical worlds are no longer kept apart from one another. Cars, medical devices, factories and energy plants are all becoming increasingly interconnected, creating new types of threats against critical infrastructure.

ENISA works to identify security risks and provide recommendations on strengthening the security of the IoT. Europol, on the other hand, has been researching the many advantages of the IoT for law enforcement as a tool to fight crime. Data from connected devices at a crime scene can provide crucial evidence to an investigation.

The conference concluded that:

• security should not be an afterthought when designing systems and products and IoT and AI are no exception;
• the inclusion of law enforcement means that criminals abusing connected devices can be investigated and prosecuted;
• law enforcement and the cybersecurity community need to work closely together to address criminal abuse and security of AI;
• AI and IoT digital forensics need to be discussed, together with data and privacy protection, given the amount and range of data collected by algorithms and the possibility of manipulation;
• while general guidelines are needed, it is also important to look into sectorial guidelines, such as autonomous cars, industrial automation, automation of cybersecurity operations, etc. ENISA will be publishing guidelines on securing the software development process for IoT, as well as on cybersecurity of autonomous vehicles;
• IoT and AI are part of a wider interlinked emerging technologies ecosystem that also comprises 5G and Cloud computing; the interplay between all these elements needs to be considered when addressing cybersecurity.

To read ENISA’s press release in full, click here.