Over the past four years, I’ve been fortunate enough to contribute to several papers produced by the European Union Agency for Cybersecurity (ENISA). ENISA was started in 2004 as a place for industry experts to partner and work together towards the common goal of making Europe more cyber secure. The Agency works closely with both Member States and the private sector to deliver advice and solutions and to improve their capabilities. It also supports the development of a cooperative response to large-scale cross-border cybersecurity incidents or crises. Since 2019, the Agency has also drawn up cybersecurity certification schemes.
Our latest report, “Guidelines for Securing the Internet of Things”, was written to help establish a security framework for securing the Internet of Things (IoT). The framework provides guidance for both consumers and providers on how to secure IoT devices and infrastructures, considering the whole cybersecurity cycle. In writing this paper, one of the main objectives was to address the challenges that the global supply chains for IoT must overcome to deliver greater security. We include a non-exhaustive list of security considerations alongside a set of best practices to help ensure not only the security but also the overall quality of the supply chain.
An important area of focus is our section on best practices. While the development of good security practices in the supply chain for IoT is critical, the majority of our advice extends beyond this; similar models and concepts can be applied to IT networks and many IT devices. We provide recommendations that will assist in countering and mitigating the threats that might impact the supply chain, classified into three main groups – actors, processes, and technologies.
While those factors are important in security, one must not forget that a human element is always needed. Without the right people or partners in place, it is difficult to create and maintain a secure environment. As with IT devices, monitoring IoT devices 24×7 is crucial for quickly detecting threats and responding to incidents. If you’re unable to manage this in-house, using an MDR service provider to assist with or augment your security is a great way to help orchestrate actions in complex and hybrid environments.
To read ENISA’s recommendations on how to secure the IoT supply chain, download the full report.
To learn more about how Proficio can help you improve your security posture, contact us.