The supply chain around the Internet of Things[1] (IoT) has become the weak link in cybersecurity, potentially leaving organisations open to cyber attacks via vulnerabilities they're not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development.

The Guidelines for Securing the IoT – Secure Supply Chain for IoT[2] report from the European Union Agency for Cybersecurity (ENISA) sets out recommendations throughout the entire IoT supply chain to help keep organisations protected from vulnerabilities which can arise when building connected things.

One of the key recommendations is that cybersecurity expertise should be further integrated into all layers of organisations, including engineering, management, marketing and others, so that anyone involved in any part of the supply chain is able to identify potential risks – hopefully spotting and addressing them at an early stage of the product development cycle and preventing them from becoming a major issue.

It's also recommended that 'Security by Design[3]' is adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues with devices are caught early.

"Early decisions made during the design phase usually have impactful implications on later stages, especially during maintenance," said the report.

Another recommendation is that organisations throughout the product development and deployment cycle should forge better relationships in order to address security loopholes which may arise when there's no communication between those involved.

These include errors in design due to lack of visibility in the supply chain of components – something which can happen when there are misunderstandings or a lack of coordination
