On 19 November 2019, the European Union Agency for Network and Information Security (ENISA) released its report ‘Good practices for security of Internet of Things (IoT)’ (Report), providing a comprehensive analysis of security concerns surrounding IoT, secure Software Development Life Cycle (sSDLC) principles, and setting out best practices. Below, we highlight some of the key points. The Report can be read in full here.

Background

IoT refers to a network of internet-connected devices, ranging from microwaves to phones to smart homes. ENISA is tasked with improving the resilience of Europe’s critical information infrastructure and networks, and the Report focuses on establishing good practices for securing the IoT software development process. As a precursor to the Report, in 2017, ENISA released its study ‘Baseline Security Recommendations for IoT’ (here).

The European Union Agency for Network and Information Security (ENISA) has published a paper on the security challenges that arise from the convergence of Internet of Things (IoT) and Cloud computing. The paper is directed at IoT developers, IoT integrators and Cloud service providers, and concludes with a number of suggested steps to achieve secure solutions.

ENISA defines IoT as “a cyber-physical ecosystem of interconnected sensors and actuators, which enable intelligent decision making”. This would include, for example, smart homes, Fitbits and Apple Watches. ENISA divides the IoT ecosystem into three components: (i) devices, (ii) communications and (iii) Cloud platform, backend and services.

The growth of IoT in recent years has put pressure on Cloud computing to evolve in order to accommodate IoT’s needs, including aggregating, storing and processing the data that it generates. This resulted in a new model, the “IoT Cloud”.

The emergence of the IoT Cloud poses potential security risks. ENISA’s primary concern is that IoT devices provide access to Cloud systems, so an attack on an IoT device can potentially lead to a more widespread attack.


Last year, we reported on Ofcom’s Statement on ‘Promoting investment and innovation in the Internet of Things (IoT)’ (Statement). IoT refers to the exponentially growing network of products that are capable of communicating with each other, such as smart watches and smart thermostats. The Statement identified four priority areas to support the growth of IoT

With the onslaught of smart watches, smart thermostats, and even smart refrigerators that allow you to Tweet hangry messages to your followers, it’s only natural that a “smart city” would follow.

This week, San Francisco city officials agreed to run a one-year pilot project with Sigfox – an FCC certified French start-up that builds low-power wireless networks – to create an Internet of Things (“IoT”) wireless network that caters exclusively to smart devices with low-bandwidth apps. While the term “wireless network” typically conjures up thoughts of the ubiquitous Wi-Fi symbol, this low-power, wide area network (“LPWAN”) on which Sigfox will operate is entirely separate from traditional cellular networks, which require a much higher level of data streaming and power usage.

Sigfox and city technology crews have installed about 20 of its base stations throughout San Francisco, using libraries and other city buildings. Each base station covers about 12 to 18 miles and is roughly the size of a briefcase. Device makers who want to join the network must install a radio chip that costs less than $2 and comes loaded with the Sigfox firmware.

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say the authors. The study was commissioned by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee.

The DSM strategy was unveiled earlier this year and is aimed at removing regulatory barriers so that digital services can operate seamlessly throughout the EU. However, despite promises made by the Commission and DSM Vice President to review the interplay between the e-Privacy Directive (2002/58/EC) and the DSM, the study finds that the strategy downplays the complexity of issues such as data anonymisation and minimisation in Big Data.


In January, Ofcom, the UK telecommunications regulator, published its Statement on ‘Promoting investment and innovation in the Internet of Things’ (Statement). The Statement acknowledges that the Internet of Things (IoT) has the potential to deliver significant benefits to citizens and consumers. In light of this, Ofcom sought views from its stakeholders on what

This post was written by Frederick Lah.

On Tuesday, January 27, the FTC issued a 71-page Staff Report on the privacy and security issues with the Internet of Things. As we’ve noted in our previous blog posts, the Internet of Things (“IoT”) refers to the growing ability of everyday devices to monitor and communicate information

While hundreds of tech companies are racing to develop the newest in Internet-connected “smart” devices, Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez is sending a reminder to those companies of their responsibilities to consumers. At the 2015 Consumer Electronics Show held in Las Vegas, January 6-9, Chairwoman Ramirez highlighted some best practices to address the