Kaspersky Lab contributes to amplification of IoT security standards in Europe

Kaspersky Lab has provided expert recommendations for the “Good Practices for Security of Internet of Things in the context of Smart Manufacturing” study, to support a need for robust IoT security standards. Developed by the European Union Agency for Network and Information Security (ENISA), the report aims to strengthen IoT security in the context of Industry 4.0 and Smart Manufacturing, and was released in November 2018.

The concept of Industry 4.0 is being widely implemented into industrial strategy, giving way to high computerization, connectivity, and deep integration of IoT into industrial systems. On the one hand, it can lead to improved operational efficiency, time and cost savings for industrial organizations. But on the other, IoT adoption brings potential cybersecurity risks that might result in big losses for them. While the topic is of high importance for stakeholders, an awareness of the threats related to the deployment of Industrial IoT (IIoT) is still limited. The aim of the new study developed by ENISA, is to raise awareness of this issue, as well as to promote collaboration on IIoT security across the European Union.

During the preparation of the report, Kaspersky Lab experts participated in a workshop covering various Industrial IoT and Industry 4.0 security considerations. The team also took part in a series of interviews organized by ENISA with representatives of invited organizations, during which they discussed the role of monitoring technologies, proper assessments around the specifics of Smart Manufacturing, and approaches to threat modeling that could be used. In the final report, ENISA identified key IoT taxonomies and definitions, and consolidated information on good practices with Kaspersky Lab’s expertise on industrial cybersecurity.

“At Kaspersky Lab we advocate that companies follow a ‘secured-by-design’ approach when going down the IoT route, which will allow them to eliminate any threat risks from the very beginning. When creating the report, we shared our recommendations around this concept to ENISA, based on our extensive expertise. We are very pleased to see that many of these insights have been reflected in the published study”, says Ekaterina Rudina, senior system analyst at Kaspersky Lab ICS CERT.

The new study is a continuation of the ‘Baseline Security Recommendations for IoT’ report – which includes policy measures for EU institutions, IoT hardware manufacturers and software developers, issued by ENISA in October 2017. Kaspersky Lab is a member of the ENISA IoT Security Experts Group (IoTSEC), and was also involved in the creation of the previous report, providing expert recommendations.

The full report, “Good Practices for Security of Internet of Things in the context of Smart Manufacturing” can be found here.

To find out more about Kaspersky Lab’s industrial cybersecurity expertise, please visit ics.kaspersky.com

About ENISA

The European Union Agency for Network and Information Security (ENISA) is a center of expertise for cyber security in Europe. The Agency is located in Greece with its seat in Heraklion Crete and an operational office in Athens. The Agency works closely together with Members States and private sector to deliver advice and solutions. This includes, the pan-European Cyber Security Exercises, the development of National Cyber Security Strategies, CSIRTs cooperation and capacity building, but also studies on secure Cloud adoption, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, and identifying the cyber threat landscape, and others. ENISA also supports the development and implementation of the European Union’s policy and law on matters relating to NIS. Learn more at www.enisa.europa.eu/about-enisa.