EU shifts focus towards smart critical infrastructure security

Published on 5th Nov 2015

The European Union’s information security body is expanding its remit to include the Internet of Things (IoT) and smart “things”, aiming to develop good practices on emerging smart critical infrastructures and services.

Announcing a new work programme last week, the European Union Agency for Network and Information Security (ENISA) said that it would look at the security of smart cars, smart airports and smart hospitals, and conduct new studies in mobile health (mHealth) and IoT security.

These emerging areas were selected “based on their criticality on citizens and the economy”, ENISA explained, adding that the agency expects these particular sectors and services to benefit the most from the growing adoption of IoT and Machine-to-Machine (M2M) technologies.

Early adoption of good security practices will boost the trust and confidence of potential users and pave the way for wider deployment, ENISA added.

The Internet of Things is already growing at a rapid pace, with an estimated 4.9 billion connected things in use in 2015, up 30% from 2014, and the number of connected devices predicted to reach 25 billion by 2020.

But security is critical for the future of the IoT and its adoption by businesses and public sector organisations.

Manfred Kube from Gemalto, in an article for ITProPortal this week, warned that without adequate protection, organisations could find themselves dealing with breaches to sensitive business and customer data, fraud, disruption to services, and long-term reputational damage.

“The IoT opens up a world of possibilities, but the very nature of IoT applications also makes them vulnerable to cyber attacks. Indeed, in terms of grabbing headlines, hacking is one of the few stories that can rival the IoT for media coverage across all sectors. Whatever drives these attacks, over time it is inevitable that these hackers will develop more sophisticated techniques,” Kube said.

To help address that threat, ENISA plans to provide smart critical information infrastructure and service providers and developers with good security and resilience practices for designing, developing and deploying IoT-related services.

At the same time, the agency will continue its work on established priorities such as pan-European cyber security exercises.

Ann-Sophie De Graeve, Counsel, commented:

“Considering the increase in (terrorist) cyberattacks, keeping a close watch on the security side of Internet of Things (IoT) and smart infrastructure is no frivolous luxury. As our cars, homes and cities become more and more connected, security threats will also rise exponentially. Knocking over one domino could in that case easily result in the collapse of entire smart infrastructures or grids. Consequently, companies should make securing their IOT and smart applications their number 1 priority. Privacy and security by design are the way to go!”

Share
Interested in hearing more from Osborne Clarke?
Register now for more insights, news and events from across Osborne Clarke
Sign up

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?
Register now for more insights, news and events from across Osborne Clarke
Sign up