Security of and related to IoT ecosystems is one of the main trust components that AIOTI has been focussing on since it was founded. A substantial part of IoT ecosystems is already, or will become, part of critical infrastructure, vital systems and essential services.
IoT is one of the main areas where physical and digital realities meet, by now more than 20B times. The relationship between IoT and cybersecurity is therefore crucial, and it requires a holistic perspective that includes a joint approach to physical, cyber-physical and digital security.
As the Commission has opened consultations on the Cyber Resilience Act, the aim of this new initiative seems to be to ensure that cybersecurity is taken into account during all phases of the development process (security by design) and that products are placed on the market with the most secure settings enabled by default (security by default). It also seems intended to improve the internal market’s functioning by streamlining and supplementing existing rules applicable to digital products and by preventing further fragmentation of cybersecurity requirements for digital products and ancillary services in the market.
This new proposal seems to adopt a horizontal approach to cybersecurity, that is, it will be applicable across sectors. Moreover, there is awareness that emerging technologies pose new risks throughout their whole life cycle. One specific example concerns software security, which is seldom addressed in EU law. The new proposal also seems to aim to complement the certification framework envisaged in the second part of the Cybersecurity Act (CSA).
AIOTI therefore endorses the intended objectives and welcomes the possibility to respond to the call for evidence, and in the following paragraphs will expand on several aspects of this initiative.
Regarding IoT security, in 2016 and 2017 AIOTI, together with the Commission, ENISA, relevant AIOTI members and other stakeholders, organised two workshops in which these and related topics were extensively discussed. The outcomes were published in two reports, which readers are encouraged to take good notice of and which form the basis of the observations made in the document.
The full document can be downloaded here.