New guidelines have been issued by the European Union Cyber Security Agency (ENISA), which proposes to take into account all stages of the life cycle of an IoT device to ensure device safety.
The Internet of Things (IoT) supply chain has become the weak link in cyber security, potentially leaving organizations open to cyber attacks through vulnerabilities who do not know. However, a recently released set of guidelines aims to ensure that safety is an integral part of its entire life. development of IoT products.
The IoT Security Guidelines set out recommendations throughout the IoT supply chain to help protect organizations from vulnerabilities that may arise during their construction.connected things".
One of the key recommendations is that cybersecurity know-how should be further integrated at all levels, including engineering, management, marketing etc., so that anyone involved in any part of the supply chain has the ability to identify potential risks - identifying and addressing them at an early stage of the product development cycle prevents them from becoming a major issue.
It is also recommended that "Security by Design" be adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues are identified early.
Another recommendation is for organizations throughout the product development and development cycle to better forge corporate / business dealings in order to deal with security gaps that can occur when it does not exist Communication among those involved.
These include design errors due to lack of visibility in the component supply chain - something that can happen when there are misunderstandings or lack coordination between spare parts manufacturers and the IoT vendor.
However, not all responsibilities to IoT manufacturers, the report also states that both customers and end-user organizations have a role to play in implementing the supply chain and can “benefit significantly from devoting resources to studying the current landscape and adapting existing best practices. on their own case".