The EU Agency for Cybersecurity, Europol and CERT-EU team up to identify the main security risks of IoT and to work towards achieving a more secure IoT ecosystem across Europe
Tomorrow, the European Union Agency for Cybersecurity (ENISA), Europol’s European Cybercrime Centre (EC3) and the Computer Emergency Response Team for the EU Institutions, Bodies and Agencies (CERT-EU) will launch the 4th annual IoT Security Conference series to raise awareness on the security challenges facing the Internet of Things (IoT) ecosystem across the European Union. The series will span three weeks, with each week exploring a different cybersecurity topic: Operational IoT, Artificial Intelligence (AI) and Supply Chain for IoT, respectively. The series will be held in a virtual webinar format, open to public Q&A.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar said: “Fostering trust and security of our connected digital devices, the Internet of Things, is a priority. When discussing IoT security across Europe, we need a common approach to all aspects of cybersecurity that also considers the context in which IoT products and services operate. For example, a smart medical device such as a connected insulin pump undoubtedly carries higher risk than that of a household smart light bulb. This IoT security webinar series will discuss these issues in order to provide input to policy makers, especially on critical infrastructure sectors employing emerging technologies, such as IoT and AI, and possible cybersecurity certification schemes that could support this effort.”
Head of Europol’s European Cybercrime Centre (EC3) Edvardas Šileris said: “You can secure only what you can understand. The challenge of the Internet-of-Things is understanding what is happening. Through this conference, we want to contribute to this understanding from our law enforcement perspective, identifying how criminals can and will abuse the potential of IoT. The complexity of IoT and its resulting cybersecurity challenges call for a smart and multi-stakeholder approach. I invite everyone from law enforcement, industry, government and academia with an interest in cyber security to join us online to reflect on how to increase the cyber resilience of the IoT ecosystem.”
Head of CERT-EU Saâd Kadhi said: “CERT-EU and CSIRTs from all over the world have been working very hard to keep threats at bay. As teleworking became the norm in the aftermath of COVID-19, the surface we need to protect grew exponentially. The Internet of Things will contribute, more and more, to this growth as many IoT devices are not designed with security in mind. And now that they are gaining a foothold in critical infrastructure and establishing bridges between the digital and physical worlds, it is vital that security become a requirement and not an option. Otherwise, I’m afraid the challenges ahead of us will be overwhelming.”
As vehicles, medical devices, factories and energy plants rely more on the emerging technologies driving forward this increasingly interconnected world, they also become exposed to new threats. The EU Agency for Cybersecurity, Europol and CERT-EU underline the importance of understanding these threats and attacks, and the need to use effective mechanisms to enhance the security of IoT devices.
The IoT Security Conference will open discussions into the trustworthiness of IoT with topics about supply chain integrity, AI deployments and regulations surrounding IoT. The webinars will be opened by Mr Kadhi, Mr Šileris and Mr Lepassaar, respectively, and will include high-level speakers such as Mr Andreas Könen, Director General of Cyber and Information Security at the German Federal Ministry of the Interior, Building and Community, representing the Presidency of the Council of the EU. The series, moderated by Europol EC3’s Head of Strategy and Development Team Dr Nicole van der Meulen, is a three-part interactive series featuring discussions by cybersecurity professionals, experts from cybercrime units, computer security incident response teams, international organisations, private industry, regulatory agencies and academia who will share their views on how to overcome current challenges and how to make cyberspace safer for EU citizens.
- Operational IoT – 7 October 2020 at 15:00 to 16:30 CET
- Artificial Intelligence – 14 October 2020 at 15:00 to 16:30 CET
- Supply Chain for IoT – 21 October at 15:00 to 16:30 CET
The European Union Agency for Cybersecurity, Europol and CERT-EU have been working intensely on tackling the security challenges of IoT for Europe’s infrastructure, businesses, governments and citizens by identifying good practices and measures to allow IoT to function in a more secure and privacy-respecting manner.
The EU Agency for Cybersecurity is dedicated to promoting a culture of security that will improve the ability of EU Member States to respond to cyber-attacks. The Agency has been raising awareness on IoT security through events and summer school courses, and through the publication of in-depth studies, reports and position papers on current cybersecurity matters. Key publications include the Baseline Security Recommendations for IoT and the Good Practices for Security of IoT in the context of Smart Manufacturing. Most recently, the Agency has aggregated these publications and activities on good practices for IoT and smart infrastructure in an online tool to serve as a reference point for IoT security.
Europol has been researching the many advantages of the IoT for law enforcement as a tool to fight crime, and is also doing the same in the area of Artificial Intelligence (AI). Data from connected devices at a crime scene can provide crucial evidence to an investigation, but such data require the same safeguards and security standards to ensure the privacy and safety of citizens. At the same time, Europol is researching how AI can also be (part of) the answer to challenges faced by law enforcement in the execution of criminal investigations, namely information processing and other parts of policing. From a threat perspective, Europol, in close cooperation with industry and academia, is looking into the potential use of AI by criminals with a view to better anticipating possible malicious and criminal activities facilitated by AI, as well as to prevent, respond to, or mitigate the effects of such attacks in a pro-active manner.
CERT-EU, with many experiences on IoT evolution, has witnessed how the technology has become a major issue in terms of cybersecurity, being the “forgotten” part of the security ecosystem – both by manufacturers and users. It supports operations that allow cybersecurity professionals to respond to daily technical challenges.